trying to set permission to unprivileged CT

Aussi

Member
Jan 20, 2023
Hi all,

Trying to set the good permission to an unprivileged CT.

I want to have the good / root permissions set up for my CT and am trying to do so, but it gives me an error when trying.
I'm trying to get the /dev/dri/renderD128 set up with the right permission so that it can be used on the CT.
Hopefully someone can pinpoint me in the good direction.


Error:
Code:
lxc_map_ids: 3701 newuidmap failed to write mapping "newuidmap: write to uid_map failed: Invalid argument": newuidmap 2548 0 100000 65536 105 103 1 102 100102 64530
lxc_spawn: 1788 Failed to set up id mapping.
__lxc_start: 2107 Failed to spawn container "103"
TASK ERROR: startup for container '103' failed


Host group:
Code:
render:x:103:

Guest group:
Code:
render:x:105:

On the host /etc/subgid and /etc/subuid:
Code:
root:100000:65536
root:103:1

LXC config:
Code:
arch: amd64
cores: 2
features: nesting=1
hostname: docker
memory: 4096
net0: name=eth0,bridge=vmbr0,firewall=1,hwaddr=xxxxxxxxxxx,ip=dhcp,type=veth
onboot: 1
ostype: debian
parent: Snap20230214
rootfs: local-lvm:vm-103-disk-0,size=64G
swap: 512
unprivileged: 1
lxc.cgroup2.devices.allow: c 226:0 rwm
lxc.cgroup2.devices.allow: c 226:128 rwm
lxc.cgroup2.devices.allow: c 29:0 rwm
lxc.mount.entry: /dev/dri dev/dri none bind,optional,create=dir
lxc.mount.entry: /dev/dri/renderD128 dev/renderD128 none bind,optional,create=fi
lxc.idmap: u 0 100000 65536
lxc.idmap: g 0 100000 105
lxc.idmap: u 105 103 1
lxc.idmap: g 105 103 1
lxc.idmap: u 102 100102 64530
lxc.idmap: g 102 100102 64530
 
Hello, your lxc.idmap is not quite right, because it defines contradicting mappings for some host uids/gids and container uids/gids.

One example:
  • lxc.idmap: u 0 100000 65536 maps container uids 0-65535 to host uids 100000-165535
  • lxc.idmap: u 105 103 1 maps container uid 105 to host uid 103
These two lines define contradicting host uids for container uid 105: The first line maps it to host uid 100105, the second line to host uid 103. And this is why you get the newuidmap: write to uid_map failed error.

To fix this, you'd need to adjust the mapping such that every host uid/gid and container uid/gid is mapped at most once.
 
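The at-most-once rule from the reply above, as an added example that is not part of the original thread: a Python check that parses lxc.idmap lines and reports every container-side or host-side id covered by more than one line of the same kind. The function names and the second, non-overlapping mapping are constructed for illustration.

```python
import re
from itertools import combinations

# lxc.idmap lines from the container config posted in this thread.
POSTED = """\
lxc.idmap: u 0 100000 65536
lxc.idmap: g 0 100000 105
lxc.idmap: u 105 103 1
lxc.idmap: g 105 103 1
lxc.idmap: u 102 100102 64530
lxc.idmap: g 102 100102 64530
"""

# Constructed for comparison: gid ranges that do not overlap on either side.
CONSTRUCTED = """\
lxc.idmap: u 0 100000 65536
lxc.idmap: g 0 100000 105
lxc.idmap: g 105 103 1
lxc.idmap: g 106 100106 65430
"""

# Matches "lxc.idmap: u 0 100000 65536" (Proxmox) or "lxc.idmap = u ..." (plain LXC).
IDMAP = re.compile(
    r"^[ \t]*lxc\.idmap\s*[:=]\s*([ug])\s+(\d+)\s+(\d+)\s+(\d+)[ \t]*$", re.M)

def parse_idmap(config):
    """Return (kind, container_start, host_start, count) for each lxc.idmap line."""
    return [(m[1], int(m[2]), int(m[3]), int(m[4])) for m in IDMAP.finditer(config)]

def overlap(start_a, start_b, count_a, count_b):
    """Inclusive overlap of two [start, start+count) ranges, or None."""
    lo, hi = max(start_a, start_b), min(start_a + count_a, start_b + count_b) - 1
    return (lo, hi) if lo <= hi else None

def find_conflicts(config):
    """List (kind, side, first_id, last_id) for every id mapped more than once."""
    conflicts = []
    for a, b in combinations(parse_idmap(config), 2):
        if a[0] != b[0]:          # uid and gid maps are independent
            continue
        for side, idx in (("container", 1), ("host", 2)):
            hit = overlap(a[idx], b[idx], a[3], b[3])
            if hit:
                conflicts.append((a[0], side, *hit))
    return conflicts

if __name__ == "__main__":
    for kind, side, lo, hi in find_conflicts(POSTED):
        print(f"{kind}: {side} ids {lo}-{hi} are mapped more than once")
```

Run against the posted config, it flags container uid 105 (the conflict named in the reply) along with the wider uid and gid overlaps starting at id 102.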
Thanks! Pretty new to this part of the deal, so still a lot to learn and understand about the mapping.

I will play again soon, also in reference to the manual/FAQ which has been provided about this.
 
