Need extra range for uid in unprivileged lxc containers

Gardouille

Hi,

I need to allow some bigger UIDs than the default one (65536) in LXC containers (e.g. mine is >72000 and new users are >120000 in the LDAP).

  • As I understand the lxc.idmap definition (in the UID MAPPINGS section of the linux.container manpage), these lines (in the /etc/pve/local/lxc/2100.conf file) should allow UIDs from 0 to 200000 in the container:
    Code:
    …
    unprivileged: 1
    lxc.idmap = u 0 100000 200000
    lxc.idmap = g 0 100000 200000
  • But the container failed at startup:
    Code:
    lxc-start 2100 20190417092144.307 ERROR    conf - conf.c:lxc_map_ids:3053 - newuidmap failed to write mapping "newuidmap: uid range [0-200000) -> [100000-300000) not allowed": newuidmap 3586 0 100000 200000
    lxc-start 2100 20190417092144.307 ERROR    start - start.c:lxc_spawn:1727 - Failed to set up id mapping.
  • The system is up to date, but here is the `pveversion` output just in case:
    Code:
    sudo pveversion -v
    
    proxmox-ve: 5.4-1 (running kernel: 4.15.18-12-pve)
    pve-manager: 5.4-3 (running version: 5.4-3/0a6eaa62)
    pve-kernel-4.15: 5.3-3
    pve-kernel-4.15.18-12-pve: 4.15.18-35
    corosync: 2.4.4-pve1
    criu: 2.11.1-1~bpo90
    glusterfs-client: 3.8.8-1
    ksm-control-daemon: not correctly installed
    libjs-extjs: 6.0.1-2
    libpve-access-control: 5.1-8
    libpve-apiclient-perl: 2.0-5
    libpve-common-perl: 5.0-50
    libpve-guest-common-perl: 2.0-20
    libpve-http-server-perl: 2.0-13
    libpve-storage-perl: 5.0-41
    libqb0: 1.0.3-1~bpo9
    lvm2: 2.02.168-pve6
    lxc-pve: 3.1.0-3
    lxcfs: 3.0.3-pve1
    novnc-pve: 1.0.0-3
    proxmox-widget-toolkit: 1.0-25
    pve-cluster: 5.0-36
    pve-container: 2.0-37
    pve-docs: 5.4-2
    pve-edk2-firmware: 1.20190312-1
    pve-firewall: 3.0-19
    pve-firmware: 2.0-6
    pve-ha-manager: 2.0-9
    pve-i18n: 1.1-4
    pve-libspice-server1: 0.14.1-2
    pve-qemu-kvm: 2.12.1-3
    pve-xtermjs: 3.12.0-1
    qemu-server: 5.0-50
    smartmontools: 6.5+svn4324-1
    spiceterm: 3.0-5
    vncterm: 1.5-3


So… did I miss something in my configuration, or are we still unable to modify it?

PS: At least I understood why, a few years ago, I wasn't able to have a working unprivileged LXC (with my user) when I tried with Proxmox 4.X :Þ
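Added example, not part of the original post and not Proxmox or LXC code: newuidmap and newgidmap only write a mapping whose host-side range is delegated to the calling user in /etc/subuid and /etc/subgid, so this sketch compares the post's lxc.idmap lines against such a file and reports the host ranges that are not delegated. The `root:100000:65536` entry is an assumption made for the example (the post does not show the file), and the function names are hypothetical.

```python
import re

# Constructed sample input: the idmap lines from the post, plus an assumed
# /etc/subuid entry (not shown in the post) delegating 65536 ids to root.
CONF = """unprivileged: 1
lxc.idmap = u 0 100000 200000
lxc.idmap = g 0 100000 200000
"""
SUBUID = "root:100000:65536\n"

IDMAP_RE = re.compile(r"^\s*lxc\.idmap\s*[=:]\s*([ug])\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

def parse_idmap(conf, kind):
    """Return [(container_start, host_start, count)] for kind 'u' or 'g'."""
    out = []
    for line in conf.splitlines():
        m = IDMAP_RE.match(line)
        if m and m.group(1) == kind:
            out.append(tuple(int(x) for x in m.group(2, 3, 4)))
    return out

def parse_subid(text, owner):
    """Return [(start, count)] delegated to owner (subuid/subgid syntax)."""
    grants = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 3 and fields[0] == owner:
            grants.append((int(fields[1]), int(fields[2])))
    return grants

def uncovered(mappings, grants):
    """Return half-open host ranges the mappings request but no grant covers."""
    missing = []
    for _, host, count in mappings:
        pos, end = host, host + count
        for g_start, g_count in sorted(grants):
            g_end = g_start + g_count
            if g_end <= pos or g_start >= end:
                continue                      # grant does not touch what is left
            if g_start > pos:
                missing.append((pos, g_start))  # hole before this grant
            pos = max(pos, g_end)
        if pos < end:
            missing.append((pos, end))          # tail past the last grant
    return missing

if __name__ == "__main__":
    gaps = uncovered(parse_idmap(CONF, "u"), parse_subid(SUBUID, "root"))
    for lo, hi in gaps:
        print(f"host uid range [{lo}-{hi}) is not delegated in /etc/subuid")
```

With the assumed entry, the requested host range [100000-300000) from the error message is only delegated up to 165536, so the check reports [165536-300000) as missing; the same comparison applies to the `g` lines against /etc/subgid.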
 
