Unprivileged LXC and bind mount woes

Mar 10, 2016
8
0
1
57
Hi,

I am running Proxmox 4 with all updates.

I am battling to get unprivileged containers and bind mounts working as per these instructions:

https://pve.proxmox.com/wiki/Unprivileged_LXC_containers

I created a new unprivileged Ubuntu 14.0.4 container from the available template and created a user called 'smart' with uid and gid of 1005 (as per the example)

I created the bind mount and started the container.

My bind mount has the correct uid:gid for the files and folders

root@lxc-std:/# ls -lan /mnt/files
total 41396
drwxr-xr-x 10 1005 1005 4096 Jan 6 11:01 .
drwxr-xr-x 3 0 0 4096 Jan 30 12:44 ..
drwxr-xr-x 2 1005 1005 4096 Jan 4 12:40 Data_Backups

but the 'smart' user's home directory has incorrect/invalid uid/gid and is totally unusable

root@lxc-std:/# ls -lan /home/smart
total 20
drwxr-xr-x 2 65534 65534 4096 Feb 1 12:30 .
drwxr-xr-x 4 0 0 4096 Feb 1 12:30 ..
-rw-r--r-- 1 65534 65534 220 Feb 1 12:30 .bash_logout
-rw-r--r-- 1 65534 65534 3637 Feb 1 12:30 .bashrc
-rw-r--r-- 1 65534 65534 675 Feb 1 12:30 .profile

I have tried restarting the host as well to see if this helps, but no luck.

Here are the relevant config files that I updated as per the example:


/etc/pve/lxc/106.conf:

#DHCP 192.168.0.207
arch: amd64
cores: 1
hostname: lxc-std
memory: 512
mp0: /mnt/files,mp=/mnt/files
net0: name=eth0,bridge=vmbr0,hwaddr=46:6D:20:77:11:6C,ip=dhcp,type=veth
ostype: ubuntu
rootfs: local-lvm:vm-106-disk-1,size=4G
swap: 512
unprivileged: 1
lxc.id_map = u 0 100000 1005
lxc.id_map = g 0 100000 1005
lxc.id_map = u 1005 1005 1
lxc.id_map = g 1005 1005 1
lxc.id_map = u 1006 101006 64530
lxc.id_map = g 1006 101006 64530


/etc/subuid:

systemd-timesync:100000:65536
systemd-network:165536:65536
systemd-resolve:231072:65536
systemd-bus-proxy:296608:65536
statd:362144:65536
sshd:427680:65536
messagebus:493216:65536
postfix:558752:65536
ais:624288:65536
root:100000:65536
root:1005:1


/etc/subgid:

systemd-timesync:100000:65536
systemd-network:165536:65536
systemd-resolve:231072:65536
systemd-bus-proxy:296608:65536
statd:362144:65536
sshd:427680:65536
messagebus:493216:65536
postfix:558752:65536
ais:624288:65536
root:100000:65536
root:1005:1

Can anyone shed some light on this please as it is driving me crazy.
 
Mar 10, 2016
8
0
1
57
After messing around with this since this post, I have found the cause of the problem and a work around.

I was always creating the user with the required uid:gid BEFORE adding the bind mount.

If I do this, then the bind mount works correctly, but the local user has 'wrong' permissions as I described previously.

HOWEVER

If I create the bind mount and mappings BEFORE creating the local user with the required uid:gid then the local user and bind mount user have the correct uid:gid and all works as expected.

I am surprised no-one has run into this previously.

Maybe the documentation can be updated to mention this?
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!