RFC: easy & straightforward lxc unprivileged container uid/gid remap strategy

RolandK

Mar 5, 2019
we all know that uid remapping with unprivileged containers is a complicated thing, especially when you want to share some additional dirs from the host's filesystem with the container.

i have spent some thought on it and made a recipe:

1. create CT

2. add
lxc.idmap: u 0 <$ctid>00000 65536
lxc.idmap: g 0 <$ctid>00000 65536
to
/etc/pve/lxc/<$ctid>.conf

3. add
root:<$ctid>00000:65536
to
/etc/subuid and /etc/subgid

4. use the uid remap script from https://tbrink.science/blog/2017/06...ed-lxc-containers-to-unprivileged-containers/ to change uids/gids in container filesystem accordingly.

/root/remapuids.py /path/to/container/mountpoint <$ctid-1>00000

for example, for container id 106 everything is now being remapped from 100000 (default) to 10600000: root (uid 0) inside the container is uid 10600000 on the host, uid 1 is 10600001 and so on...

did i overlook something ?

opinions ?
 
ok, valid point! but i have no better idea on how to make it straightforward.
i have rarely seen someone using such high numbers for VMs.
is it common ?

i think it's cool that you can now see by uid/gid to which container some files belong
 
ok, valid point! but i have no better idea on how to make it straightforward.
i have rarely seen someone using such high numbers for VMs.
is it common ?
I use ranges like 10000 or 100000 if I want to create a guest for testing and throw it away afterwards, because for the more reasonable VMID ranges I never use a VMID twice and I have to document using it.

i think it's cool that you can now see by uid/gid to which container some files belong
Jup, that's a nice feature.
 
