On Wed, 13 Jul 2016 12:36:07 +0700 "Fajar A. Nugraha" <[email protected]> wrote:
>
> I don't think you can use overlapping id_map. Example on
> https://www.stgraber.org/2014/02/09/lxc-1-0-gui-in-containers/
>

Fajar, how is the following an overlapping id_map:

lxc.id_map = u 250 250 1
lxc.id_map = g 250 250 1
lxc.id_map = u 0 100000 1000
lxc.id_map = g 0 100000 1000

?

On Wed, 13 Jul 2016 07:58:21 +0200 Guido Jäkel <[email protected]> wrote:
>
> But don't think that Gentoo needs to have the user/group of the
> portage tree to be "portage:portage" for the purpose to run an ebuild.
> This will be a requirement for portage sync operations, of course. But
> these, you probably want to run on the host, I think. Maybe you
> should even bind-mount it read-only to your containers.
>

Guido, if I use the following:

lxc.id_map = u 1000 250 1
lxc.id_map = g 1000 250 1
lxc.id_map = u 0 100000 1000
lxc.id_map = g 0 100000 1000

Container uid=1000 can create files in distfiles that end up as
uid=portage files in the tree, but uid=1000 can't run emerge. Or, a
container root emerge terminates with the following chown yuck:

* tail -f /var/log/emerge-fetch.log
bash: /usr/portage/distfiles/.__portage_test_write__: Permission denied
[Errno 1] Operation not permitted: b'/usr/portage/distfiles/.Net-Daemon-0.48.tar.gz.portage_lockfile': chown('/usr/portage/distfiles/.Net-Daemon-0.48.tar.gz.portage_lockfile', -1, 250)
Cannot chown a lockfile: '/usr/portage/distfiles/.Net-Daemon-0.48.tar.gz.portage_lockfile'
Group IDs of current user: 1000 0 1 2 3 4 6 10 11 26 27
>>> Downloading 'http://distfiles.gentoo.org/distfiles/Net-Daemon-0.48.tar.gz'
/usr/portage/distfiles/Net-Daemon-0.48.tar.gz: Permission denied
>>> Downloading 'http://search.cpan.org/CPAN/authors/id/M/MN/MNOONING/Net-Daemon-0.48.tar.gz'
/usr/portage/distfiles/Net-Daemon-0.48.tar.gz: Permission denied
>>> Downloading 'http://www.cpan.org/authors/id/M/MN/MNOONING/Net-Daemon-0.48.tar.gz'
/usr/portage/distfiles/Net-Daemon-0.48.tar.gz: Permission denied
>>> Downloading 'http://cpan.metacpan.org/authors/id/M/MN/MNOONING/Net-Daemon-0.48.tar.gz'
/usr/portage/distfiles/Net-Daemon-0.48.tar.gz: Permission denied
!!! Couldn't download 'Net-Daemon-0.48.tar.gz'. Aborting.
 * Fetch failed for 'dev-perl/Net-Daemon-0.480.0-r1', Log file:
 *  '/var/tmp/portage/dev-perl/Net-Daemon-0.480.0-r1/temp/build.log'
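
Added example, not part of the original message or of LXC itself: a small checker that parses the lxc.id_map lines from the two configurations quoted above and reports any pair of ranges that overlap on the container side or on the host side, which is the condition under which the kernel refuses a uid_map/gid_map. The function and constant names are made up for this illustration.

```python
import re
from itertools import combinations

# lxc.id_map = <u|g|b> <first id in container> <first id on host> <count>
ENTRY = re.compile(r"^\s*lxc\.id_map\s*=\s*([ugb])\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

def parse_id_maps(config_text):
    """Return (kind, container_start, host_start, count); 'b' expands to u and g."""
    entries = []
    for line in config_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        cstart, hstart, count = (int(x) for x in m.group(2, 3, 4))
        for kind in ("ug" if m.group(1) == "b" else m.group(1)):
            entries.append((kind, cstart, hstart, count))
    return entries

def ranges_overlap(a_start, b_start, a_count, b_count):
    """True when [a_start, a_start+a_count) intersects [b_start, b_start+b_count)."""
    return a_start < b_start + b_count and b_start < a_start + a_count

def find_overlaps(config_text):
    """List (kind, side, entry_a, entry_b) for every overlapping pair of ranges."""
    entries = parse_id_maps(config_text)
    found = []
    for kind in ("u", "g"):
        same_kind = [e for e in entries if e[0] == kind]
        for a, b in combinations(same_kind, 2):
            if ranges_overlap(a[1], b[1], a[3], b[3]):
                found.append((kind, "container", a, b))
            if ranges_overlap(a[2], b[2], a[3], b[3]):
                found.append((kind, "host", a, b))
    return found

# The two configurations from the message, copied as sample input.
FIRST_CONFIG = """lxc.id_map = u 250 250 1
lxc.id_map = g 250 250 1
lxc.id_map = u 0 100000 1000
lxc.id_map = g 0 100000 1000"""
SECOND_CONFIG = """lxc.id_map = u 1000 250 1
lxc.id_map = g 1000 250 1
lxc.id_map = u 0 100000 1000
lxc.id_map = g 0 100000 1000"""

if __name__ == "__main__":
    for name, cfg in (("first", FIRST_CONFIG), ("second", SECOND_CONFIG)):
        hits = find_overlaps(cfg)
        print(name, "config:", "no overlap" if not hits else "")
        for kind, side, a, b in hits:
            print(f"  {kind}: {side}-side overlap between {a[1:]} and {b[1:]}")
```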
