unprivileged container idmap

mdahamshi

Jan 4, 2021
Hey
I downloaded the TurnKey file server, then bind-mounted some ZFS storage. I cannot write to the storage (nobody, nogroup).
I followed this guide:
https://pve.proxmox.com/wiki/Unprivileged_LXC_containers

but it didn't work! (I try to run sleep from the container and it gets UID 101005 on the host.)
What did I do wrong?


system details:
lxc/102.conf (host)
/etc/subuid (host)
/etc/subgid (host)

at host :
fileserver:x:1005:1005::/home/fileserver:/bin/bash

at container:
fileserver:x:1005:1005::/home/fileserver:/bin/bash
root@mmd-server:~# ls -l /mmd_server/tmp/
total 5
-rw-r--r-- 1 fileserver nas_users 950 Jan 3 12:41 102.conf
-rw-r--r-- 1 fileserver nas_users 0 Jan 2 22:38 a
 
The permission is OK.
When I run sleep 1001 in the container and then do a ps on the host, the user ID is still 101005 (it should be 1005 because of the mapping).
 
Please try lxc.idmap: u 1005 101005 1 and lxc.idmap: g 1005 101005 1 instead of the 1005 1005 mapping you have currently.
That works for me (when mapping the video group from the host to a container). I do not think that the mapping actually changes the user ID on the host.
 
it didn't help :(
 
Can you try without using snapshots? I'm not sure if the lxc.idmap lines are applied correctly because they are below [s0] and the mp lines are above it.
Thank you very much :D
I removed the snapshot, and the idmap lines were then removed automatically (maybe there was something wrong with them). Now I pasted them under unprivileged: 1, and it worked!
Thank you again.
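
The resolution above (lxc.idmap lines sitting below the [s0] snapshot header were not applied) can be checked mechanically. This is an added example, not code from any poster in the thread: it parses a container config, reports which lxc.idmap lines are active versus buried in a snapshot section, and computes the host ID a container ID resolves to. The config text is constructed (only the host path /mmd_server/tmp and the 1005 mapping come from the thread), and the fallback map of 0 to 100000 for 65536 IDs is assumed to be the Proxmox default for unprivileged containers.

```python
# Added example: constructed configs, not the poster's actual 102.conf.
# Assumption: with no active lxc.idmap lines, an unprivileged container
# uses the Proxmox default map (container 0..65535 -> host 100000..165535).
DEFAULT_MAP = [("u", 0, 100000, 65536), ("g", 0, 100000, 65536)]

def active_idmaps(conf_text):
    """Split lxc.idmap entries into (active, ignored).

    Lines after a [name] header belong to that snapshot, not to the
    running configuration, so they are reported as ignored.
    """
    active, ignored, section = [], [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, sep, value = line.partition(":")
        if not sep or key.strip() != "lxc.idmap":
            continue
        kind, ct, host, count = value.split()
        entry = (kind, int(ct), int(host), int(count))
        if section is None:
            active.append(entry)
        else:
            ignored.append((section, entry))
    return active, ignored

def host_id(conf_text, kind, ct_id):
    """Host uid/gid that container id ct_id maps to, or None if unmapped."""
    active, _ = active_idmaps(conf_text)
    for k, ct, host, count in (active or DEFAULT_MAP):
        if k == kind and ct <= ct_id < ct + count:
            return host + (ct_id - ct)
    return None

# Mapping from the wiki guide for uid/gid 1005 (1005 passed through 1:1).
IDMAP = ("lxc.idmap: u 0 100000 1005\nlxc.idmap: g 0 100000 1005\n"
         "lxc.idmap: u 1005 1005 1\nlxc.idmap: g 1005 1005 1\n"
         "lxc.idmap: u 1006 101006 64530\nlxc.idmap: g 1006 101006 64530\n")
HEAD = "arch: amd64\nmp0: /mmd_server/tmp,mp=/mnt/tmp\nunprivileged: 1\n"
SNAP = "\n[s0]\narch: amd64\nunprivileged: 1\n"
BROKEN = HEAD + SNAP + IDMAP   # idmap lines pasted below the snapshot header
FIXED = HEAD + IDMAP + SNAP    # idmap lines directly under unprivileged: 1

if __name__ == "__main__":
    for name, conf in (("broken", BROKEN), ("fixed", FIXED)):
        ignored = active_idmaps(conf)[1]
        print(name, "uid 1005 ->", host_id(conf, "u", 1005), "ignored:", len(ignored))
```

With the lines under [s0], container uid 1005 still resolves to 101005 on the host, which is the symptom seen in ps; the host's /etc/subuid and /etc/subgid must also permit the 1005 mapping, which this check does not cover.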