Hi Xavier,

Thank you for your response. I even tried with a bigger range, but still no luck.

In the 1st container (cont1) config:

lxc.id_map = u 0 100000 1000
lxc.id_map = g 0 100000 1000

and in the 2nd container (cont2) config:

lxc.id_map = u 0 101500 1000
lxc.id_map = g 0 101500 1000

I get the same error:

lxc-start 20180817035100.984 ERROR lxc_conf - conf.c:mount_rootfs:798 - Permission denied - Failed to get real path for "/home/oxpd/.local/share/lxc/uidranges/rootfs".
lxc-start 20180817035100.984 ERROR lxc_conf - conf.c:setup_rootfs:1220 - Failed to mount rootfs "/home/oxpd/.local/share/lxc/uidranges/rootfs" onto "/usr/lib/x86_64-linux-gnu/lxc" with options "(null)".
lxc-start 20180817035100.984 ERROR lxc_conf - conf.c:do_rootfs_setup:3899 - failed to setup rootfs for 'uidranges'
lxc-start 20180817035100.984 ERROR lxc_conf - conf.c:lxc_setup:3981 - Error setting up rootfs mount after spawn
lxc-start 20180817035100.984 ERROR lxc_start - start.c:do_start:811 - Failed to setup container "uidranges".
lxc-start 20180817035100.984 ERROR lxc_sync - sync.c:__sync_wait:57 - An error occurred in another process (expected sequence number 3)
lxc-start 20180817035100.985 ERROR lxc_start - start.c:__lxc_start:1358 - Failed to spawn container "uidranges".
lxc-start 20180817035106.524 ERROR lxc_start_ui - tools/lxc_start.c:main:366 - The container failed to start.
lxc-start 20180817035106.525 ERROR lxc_start_ui - tools/lxc_start.c:main:368 - To get more details, run the container in foreground mode.
lxc-start 20180817035106.525 ERROR lxc_start_ui - tools/lxc_start.c:main:370 - Additional information can be obtained by setting the --logfile and --logpriority options.

If I try something like below, in the 1st container (cont1) config:

lxc.id_map = u 0 100000 1000
lxc.id_map = g 0 100000 1000

and in the 2nd container (cont2) config:

lxc.id_map = u 0 100000 2000
lxc.id_map = g 0 100000 2000

it works, but on the host both the containers created by my lxcuser have the same userid, which is 100000.
Hence, it is not possible to identify each container uniquely on the host machine.

My query is: is there any way a non-root user can create various containers and each container will have a unique UserId on the host machine?

Thanks for your help,
Yasoda

From: Xavier Gendre <gendre.rei...@gmail.com>
To: lxc-users@lists.linuxcontainers.org
Cc:
Bcc:
Date: Mon, 20 Aug 2018 09:24:31 +0200
Subject: Re: [lxc-users] How can a non-root user assign unique UID/GID range for LXC unprivileged containers ??

Hi Yasoda,

only 10 ids is a bit short for a container. You should increase this number to cover at least the system ids 0-999. Depending on the distribution you run in your containers, you can be sharper and only involve the needed ids but they all have to be covered.

Xavier

> On Fri, Aug 17, 2018 at 9:34 AM Yasoda Padala <padala.yas...@gmail.com> wrote:
>
>> Hi All,
>> I have created a non-root user on my Ubuntu (16.04) machine who creates
>> unprivileged LXC containers.
>> My user's uid/gid on the host is 1000,
>> and below are the entries in the /etc/subuid & /etc/subgid files:
>>
>> /etc/subuid:
>> lxcuser:100000 65536
>>
>> /etc/subgid:
>> lxcuser:100000:65536
>>
>> My requirement is that for each LXC unprivileged container, I should be able
>> to pick a UID/GID range.
>> For instance, I have created two LXC containers, cont1 and cont2.
>> In the cont1 config, I have added the below id mappings:
>> lxc.id_map = u 0 100000 10
>> lxc.id_map = g 0 100000 10
>>
>> and in the cont2 config file, I have added the below id mappings:
>> lxc.id_map = u 0 100020 10
>> lxc.id_map = g 0 100020 10
>>
>> cont1 starts successfully but cont2 gives the below error while starting
>> the container:
>>
>> lxc-start 20180817035100.984 ERROR lxc_conf - conf.c:mount_rootfs:798 - Permission denied - Failed to get real path for "/home/oxpd/.local/share/lxc/uidranges/rootfs".
>>
>> lxc-start 20180817035100.984 ERROR lxc_conf - conf.c:setup_rootfs:1220 - Failed to mount rootfs "/home/oxpd/.local/share/lxc/uidranges/rootfs" onto "/usr/lib/x86_64-linux-gnu/lxc" with options "(null)".
>>
>> lxc-start 20180817035100.984 ERROR lxc_conf - conf.c:do_rootfs_setup:3899 - failed to setup rootfs for 'uidranges'
>>
>> lxc-start 20180817035100.984 ERROR lxc_conf - conf.c:lxc_setup:3981 - Error setting up rootfs mount after spawn
>>
>> lxc-start 20180817035100.984 ERROR lxc_start - start.c:do_start:811 - Failed to setup container "uidranges".
>>
>> lxc-start 20180817035100.984 ERROR lxc_sync - sync.c:__sync_wait:57 - An error occurred in another process (expected sequence number 3)
>>
>> lxc-start 20180817035100.985 ERROR lxc_start - start.c:__lxc_start:1358 - Failed to spawn container "uidranges".
>>
>> lxc-start 20180817035106.524 ERROR lxc_start_ui - tools/lxc_start.c:main:366 - The container failed to start.
>>
>> lxc-start 20180817035106.525 ERROR lxc_start_ui - tools/lxc_start.c:main:368 - To get more details, run the container in foreground mode.
>>
>> lxc-start 20180817035106.525 ERROR lxc_start_ui - tools/lxc_start.c:main:370 - Additional information can be obtained by setting the --logfile and --logpriority options.
>>
>> My understanding is that lxcuser, who has been assigned the id range of
>> 100000-165536, can assign distinct subuid/gid ranges for each container
>> spawned by lxcuser.
>>
>> Is my understanding correct? I am not finding any reference documents
>> for custom user mappings for LXC unprivileged containers.
>>
>> Any help on this is highly appreciated.
>>
>> Thanks & Regards,
>>
>> Yasoda
_______________________________________________ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
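
An added example, not part of the original thread: a small checker for the id-map arithmetic discussed above. It verifies that each container's host range lies inside the user's /etc/subuid delegation, that container ids 0-999 are covered as Xavier advises, and whether two containers share host ids. The function names are hypothetical, the inputs are constructed from the values quoted in the thread, and the subuid text is assumed to be in the standard `name:start:count` form.

```python
import re

# Constructed inputs, using the values quoted in the thread.
SUBUID = "lxcuser:100000:65536\n"
CONT1 = "lxc.id_map = u 0 100000 1000\nlxc.id_map = g 0 100000 1000\n"
CONT2 = "lxc.id_map = u 0 101500 1000\nlxc.id_map = g 0 101500 1000\n"
CONT2_SHARED = "lxc.id_map = u 0 100000 2000\nlxc.id_map = g 0 100000 2000\n"
CONT_SHORT = "lxc.id_map = u 0 100020 10\nlxc.id_map = g 0 100020 10\n"

def parse_subid(text, user):
    """Return [(start, count)] delegated to `user` in subuid/subgid-format text."""
    rows = (line.strip().split(":") for line in text.splitlines())
    return [(int(r[1]), int(r[2])) for r in rows if len(r) == 3 and r[0] == user]

def parse_id_map(config, kind):
    """Return [(container_start, host_start, count)] for kind 'u' or 'g'."""
    # Accepts both the lxc.id_map key used in the thread and the newer lxc.idmap.
    pat = re.compile(r"^\s*lxc\.id_?map\s*=\s*([ug])\s+(\d+)\s+(\d+)\s+(\d+)\s*$", re.M)
    return [(int(c), int(h), int(n)) for k, c, h, n in pat.findall(config) if k == kind]

def check_container(config, delegated, kind="u", need=range(0, 1000)):
    """List problems with one container's map of the given kind."""
    problems = []
    maps = parse_id_map(config, kind)
    for _, h_start, count in maps:
        # The whole host range must fit inside one delegated block.
        if not any(s <= h_start and h_start + count <= s + n for s, n in delegated):
            problems.append(f"host range {h_start}+{count} is outside the delegation")
    covered = {i for c, _, n in maps for i in range(c, c + n)}
    missing = [i for i in need if i not in covered]
    if missing:
        problems.append(f"container ids {missing[0]}-{missing[-1]} are unmapped")
    return problems

def host_overlap(config_a, config_b, kind="u"):
    """True if two containers share any host id of the given kind."""
    return any(a_h < b_h + b_n and b_h < a_h + a_n
               for _, a_h, a_n in parse_id_map(config_a, kind)
               for _, b_h, b_n in parse_id_map(config_b, kind))

if __name__ == "__main__":
    delegated = parse_subid(SUBUID, "lxcuser")
    for name, cfg in [("cont1", CONT1), ("cont2", CONT2), ("short", CONT_SHORT)]:
        print(name, check_container(cfg, delegated) or "map ok")
    print("cont1/cont2 share host ids:", host_overlap(CONT1, CONT2))
    print("cont1/cont2 (100000 2000) share host ids:", host_overlap(CONT1, CONT2_SHARED))
```

These checks cover only the map arithmetic; they do not inspect the ownership of the rootfs files on disk.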