Hi,
I'm trying to bind-mount a folder in an unprivileged container and be able to read-write-create files on that mount. But so far I was only able to mount the folder but from within the container it is not possible to even see the contents of the folder (nobody permissions).
So I'm trying to do the user mapping as per https://pve.proxmox.com/wiki/Unprivileged_LXC_containers
So I created a user on the proxmox server (user1 with ID 20001), and inside the container (user1 with ID 1001). So what I'm trying to do is to map both users on both sides. Set the folder permission on the Server side for the user1 so I can access from the container side using user1.
So I added these lines to the /etc/pve/lxc/100.conf file:
lxc.idmap = u 1001 20001 1
lxc.idmap = g 1001 20001 1
So by my understanding this should map the user with ID 20001 from the proxmox host, to the user with ID 1001 inside the container.
But then the container is unable to start. Proxmox itself doesn't say anything about what went wrong. But when I run the command: lxc-start -F -n 100
This is the output:
lxc-start: 100: conf.c: chown_mapped_root: 3016 No uid mapping for container root
lxc-start: 100: terminal.c: lxc_terminal_map_ids: 1203 Failed to chown terminal "/dev/pts/2"
lxc-start: 100: start.c: lxc_init: 841 Failed to chown console
lxc-start: 100: start.c: __lxc_start: 1849 Failed to initialize container "100"
The container failed to start.
Although the subgid seems to be different from each user's real ID.
So on the server side:
cat /etc/subgid
root:100000:65536
user1:165536:65536
And in the container side:
cat /etc/subgid
admin:100000:65536
user1:165536:65536
Does anybody have an idea how to make this work? Why is the uid mapping for root breaking whenever I set custom UID mappings?
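Added example, not part of the original post: once any lxc.idmap line is present, the container gets only the ranges listed, so the two posted lines leave container id 0 unmapped, which is what "No uid mapping for container root" reports. The sketch below checks a config for that gap and builds a full mapping that keeps every other id in the default unprivileged range while passing container id 1001 through to host id 20001. The function names are hypothetical, and the base 100000 and span 65536 are assumed from the root entry in the post's /etc/subgid.

```python
import re

# Constructed sample: the two lines from the post's /etc/pve/lxc/100.conf.
POSTED = """\
lxc.idmap = u 1001 20001 1
lxc.idmap = g 1001 20001 1
"""

IDMAP_RE = re.compile(r"^\s*lxc\.idmap\s*[=:]\s*([ug])\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

def parse_idmap(conf):
    """Return (kind, ct_start, host_start, count) for every lxc.idmap line."""
    out = []
    for line in conf.splitlines():
        m = IDMAP_RE.match(line)
        if m:
            out.append((m.group(1), int(m.group(2)), int(m.group(3)), int(m.group(4))))
    return out

def kinds_missing_root(entries):
    """Kinds ('u'/'g') whose ranges do not cover container id 0."""
    covered = {k for k, ct, _host, n in entries if ct <= 0 < ct + n}
    return sorted({"u", "g"} - covered)

def full_idmap(ct_id, host_id, base=100000, span=65536):
    """lxc.idmap lines covering container ids 0..span-1: ct_id maps to
    host_id, every other id keeps the default offset (base + id)."""
    if not 0 < ct_id < span:
        raise ValueError("ct_id must be a non-root id inside the span")
    if base <= host_id < base + span:
        raise ValueError("host_id collides with the default subordinate range")
    lines = []
    for k in ("u", "g"):
        lines.append(f"lxc.idmap = {k} 0 {base} {ct_id}")
        lines.append(f"lxc.idmap = {k} {ct_id} {host_id} 1")
        rest = span - ct_id - 1
        if rest:
            lines.append(f"lxc.idmap = {k} {ct_id + 1} {base + ct_id + 1} {rest}")
    return lines

def subid_line(host_id, owner="root"):
    """Line to add to both /etc/subuid and /etc/subgid on the host."""
    return f"{owner}:{host_id}:1"

if __name__ == "__main__":
    print("no mapping for container root in:", kinds_missing_root(parse_idmap(POSTED)))
    print("\n".join(full_idmap(1001, 20001)))
    print("host /etc/subuid and /etc/subgid:", subid_line(20001))
```

The subid line is needed because root on the host must be allowed to delegate host id 20001; the existing root:100000:65536 entry does not cover it.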