[SOLVED] lxc uid mapping woes

[lifeboy]

I'm struggling to understand from the example here what the complete logic is behind the uid/gid mapping.

I have a container (100). I want to map uid 1034 (which I created for this purpose) to uid 1034 inside the lxc.

So, following the example in the above documentation, I added to /etc/pve/lxc/100.conf:

lxc.idmap: u 0 100000 1034
lxc.idmap: g 0 100000 1034
lxc.idmap: u 1034 1034 1
lxc.idmap: g 1034 1034 1
lxc.idmap: u 1035 101035 64530
lxc.idmap: g 1035 101035 64530

then modified

# cat /etc/subuid
root:1034:1
# cat /etc/subgid
root:1034:1

Now when I start lxc 100, I get this error.

lxc_map_ids: 3087 newuidmap failed to write mapping "newuidmap: uid range [0-1034) -> [100000-101034) not allowed": newuidmap 158145 0 100000 1034 1034 1034 1 1035 101035 64530
lxc_spawn: 1783 Failed to set up id mapping.
__lxc_start: 2073 Failed to spawn container "100"
startup for container '100' failed

As soon as I remove all the above, the container start again.

The documentation is sparse on this, so what is going wrong please?

 

[oguz]

hi,

your container config has the wrong range,
(65535 - 1034 = 64501). in the example it's done for id 1005 (65535 - 1005 = 64530).
it should look like this:

lxc.idmap: u 0 100000 1034
lxc.idmap: g 0 100000 1034
lxc.idmap: u 1034 1034 1
lxc.idmap: g 1034 1034 1
lxc.idmap: u 1035 101035 64501
lxc.idmap: g 1035 101035 64501

/etc/subuid and /etc/subgid looks correct.

try this config and it should probably work

 

[lifeboy]

Thanks, it's sorted now.