Need extra range for uid in unprivileged lxc containers

Gardouille

Hi,

I need to allow some UIDs bigger than the default one (65536) in LXC containers (e.g. mine is >72000 and new users are >120000 in the LDAP).

  • As I understand the lxc.idmap definition (in the UID MAPPINGS section of the linux.container manpage), these lines (in the /etc/pve/local/lxc/2100.conf file) should allow UIDs from 0 to 200000 in the container:
    Code:
    …
    unprivileged: 1
    lxc.idmap = u 0 100000 200000
    lxc.idmap = g 0 100000 200000
  • But the container failed at startup:
    Code:
    lxc-start 2100 20190417092144.307 ERROR    conf - conf.c:lxc_map_ids:3053 - newuidmap failed to write mapping "newuidmap: uid range [0-200000) -> [100000-300000) not allowed": newuidmap 3586 0 100000 200000
    lxc-start 2100 20190417092144.307 ERROR    start - start.c:lxc_spawn:1727 - Failed to set up id mapping.
  • The system is up to date, but here is the `pveversion` output just in case:
    Code:
    sudo pveversion -v
    
    proxmox-ve: 5.4-1 (running kernel: 4.15.18-12-pve)
    pve-manager: 5.4-3 (running version: 5.4-3/0a6eaa62)
    pve-kernel-4.15: 5.3-3
    pve-kernel-4.15.18-12-pve: 4.15.18-35
    corosync: 2.4.4-pve1
    criu: 2.11.1-1~bpo90
    glusterfs-client: 3.8.8-1
    ksm-control-daemon: not correctly installed
    libjs-extjs: 6.0.1-2
    libpve-access-control: 5.1-8
    libpve-apiclient-perl: 2.0-5
    libpve-common-perl: 5.0-50
    libpve-guest-common-perl: 2.0-20
    libpve-http-server-perl: 2.0-13
    libpve-storage-perl: 5.0-41
    libqb0: 1.0.3-1~bpo9
    lvm2: 2.02.168-pve6
    lxc-pve: 3.1.0-3
    lxcfs: 3.0.3-pve1
    novnc-pve: 1.0.0-3
    proxmox-widget-toolkit: 1.0-25
    pve-cluster: 5.0-36
    pve-container: 2.0-37
    pve-docs: 5.4-2
    pve-edk2-firmware: 1.20190312-1
    pve-firewall: 3.0-19
    pve-firmware: 2.0-6
    pve-ha-manager: 2.0-9
    pve-i18n: 1.1-4
    pve-libspice-server1: 0.14.1-2
    pve-qemu-kvm: 2.12.1-3
    pve-xtermjs: 3.12.0-1
    qemu-server: 5.0-50
    smartmontools: 6.5+svn4324-1
    spiceterm: 3.0-5
    vncterm: 1.5-3


So… did I miss something in my configuration, or are we still unable to modify it?

PS: At least I understood why, a few years ago, I wasn't able to have a working unprivileged LXC (with my user) when I tried with Proxmox 4.X :Þ
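
An added example, not part of the original post: newuidmap only writes a mapping whose host range lies inside a range delegated to the calling user in /etc/subuid (newgidmap uses /etc/subgid for groups). The sketch below checks the post's two lxc.idmap lines against a constructed delegation of `root:100000:65536`, which is an assumption about the host; the function names are hypothetical.

```python
# Constructed sample: one 65536-ID delegation to root (assumed, not from the post).
SAMPLE_SUBID = "root:100000:65536\n"

# The mapping lines quoted in the post's 2100.conf.
SAMPLE_CONF = """\
unprivileged: 1
lxc.idmap = u 0 100000 200000
lxc.idmap = g 0 100000 200000
"""

def parse_subid(text, owner):
    """Return [(start, count)] delegated to `owner` in subuid/subgid text."""
    ranges = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, start, count = line.split(":")
        if name == owner:
            ranges.append((int(start), int(count)))
    return ranges

def parse_idmap(conf, kind):
    """Return [(container_start, host_start, count)] for kind 'u' or 'g'."""
    maps = []
    for line in conf.splitlines():
        key, _, value = line.partition("=")
        if key.strip() != "lxc.idmap":
            continue
        fields = value.split()
        if len(fields) == 4 and fields[0] == kind:
            maps.append(tuple(int(f) for f in fields[1:]))
    return maps

def rejected(conf, subid_text, kind, owner="root"):
    """Mappings whose host range is not inside a single delegated range."""
    allowed = parse_subid(subid_text, owner)
    bad = []
    for cstart, hstart, count in parse_idmap(conf, kind):
        # Host range [hstart, hstart+count) must fit within one entry.
        fits = any(s <= hstart and hstart + count <= s + n for s, n in allowed)
        if not fits:
            bad.append((cstart, hstart, count))
    return bad

if __name__ == "__main__":
    for kind in ("u", "g"):
        print(kind, rejected(SAMPLE_CONF, SAMPLE_SUBID, kind))
```

With the constructed 65536-ID delegation, both mappings are reported as rejected, matching the `[0-200000) -> [100000-300000) not allowed` error in the log; a delegation covering 100000 through 299999 makes the same check pass.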