Re: [lxc-users] Trying to create a lxc container for running Visual Studio Code

Wed, 10 Feb 2021 05:08:23 -0800 

On Wed, Feb 10, 2021 at 12:10:18PM +0100, Peter Carlsson wrote:
> On Tue, Feb 09, 2021 at 10:59:56PM -0600, Serge E. Hallyn wrote:
> > On Sun, Feb 07, 2021 at 11:19:57PM +0100, Peter Carlsson wrote:
> > > Hello!
> > > 
> > > I am new to lxc and just signed up to this mailing list.
> > > 
> > > As root I have created a lxc container and installed code-insiders to
> > 
> > How did you create it as root, exactly?
> 
> lxc-create -t download -n VisualStudioCode -- -d debian -r buster -a amd64

If you did that as root, it should create the container under
/var/lib/lxc/VisualStudioCode .

> > > run Visual Studio Code inside the container.
> > > 
> > > After reading an article I added the following lines to the containers
> > > config and verified that the UID/GID match host user UID/GID:

So you added this to /var/lib/lxc/VisualStudioCode/config ?

> > > # Container's UID/GID 0-65535 are mapped to host's 100000-165535,
> > > # but UID/GID 1000 on the container is mapped to host's UID/GID 1000.
> > > lxc.idmap = u 0 100000 1000
> > > lxc.idmap = g 0 100000 1000
> > > lxc.idmap = u 1000 1000 1
> > > lxc.idmap = g 1000 1000 1
> > > lxc.idmap = u 1001 101001 64535
> > > lxc.idmap = g 1001 101001 64535
> > > 
> > > When I try as user with UID 1000 to start the container I get:
> > > 
> > > lxc-start -n VisualStudioCode -F
> > >   lxc-start: VisualStudioCode: tools/lxc_start.c: main: 214 You lack 
> > > access to /home/peter/.local/share/lxc
> > Check the ownership and permissions on each directory in the path 
> > /home/peter/.local/share/lxc
> > Give them all o+x so that your subuids can descend them.
> 
> Both /home/peter/.local/share/lxc and /root/.local/share/lxc does not
> exist.

If you want to run the container unprivileged, and you should, then
the easiest way is to create the container unprivileged from the
start, that is, as your non-root user.

> > > When I try as root to start the container I get:
> > > 
> > > lxc-start -n VisualStudioCode -F
> > >   lxc-start: VisualStudioCode: cgroups/cgfsng.c: mkdir_eexist_on_last: 
> > > 1219 File exists - Failed to create directory 
> > > "/sys/fs/cgroup/unified//lxc/VisualStudioCode"
> > >   lxc-start: VisualStudioCode: cgroups/cgfsng.c: 
> > > create_path_for_hierarchy: 1243 Failed to create cgroup 
> > > "/sys/fs/cgroup/unified//lxc/VisualStudioCode" 
> > >   lxc-start: VisualStudioCode: cgroups/cgfsng.c: cgfsng_payload_create: 
> > > 1321 Failed to create cgroup 
> > > "/sys/fs/cgroup/unified//lxc/VisualStudioCode" 
> > >   lxc-start: VisualStudioCode: cgroups/cgfsng.c: mkdir_eexist_on_last: 
> > > 1219 File exists - Failed to create directory 
> > > "/sys/fs/cgroup/unified//lxc/VisualStudioCode-1" 
> > >   lxc-start: VisualStudioCode: cgroups/cgfsng.c: 
> > > create_path_for_hierarchy: 1243 Failed to create cgroup 
> > > "/sys/fs/cgroup/unified//lxc/VisualStudioCode-1" 
> > >   lxc-start: VisualStudioCode: cgroups/cgfsng.c: cgfsng_payload_create: 
> > > 1321 Failed to create cgroup 
> > > "/sys/fs/cgroup/unified//lxc/VisualStudioCode-1" 
> > >   lxc-start: VisualStudioCode: cgroups/cgfsng.c: mkdir_eexist_on_last: 
> > > 1219 File exists - Failed to create directory 
> > > "/sys/fs/cgroup/unified//lxc/VisualStudioCode-2"
> > >   lxc-start: VisualStudioCode: cgroups/cgfsng.c: 
> > > create_path_for_hierarchy: 1243 Failed to create cgroup 
> > > "/sys/fs/cgroup/unified//lxc/VisualStudioCode-2" 
> > >   lxc-start: VisualStudioCode: cgroups/cgfsng.c: cgfsng_payload_create: 
> > > 1321 Failed to create cgroup 
> > > "/sys/fs/cgroup/unified//lxc/VisualStudioCode-2" 
> > >   lxc-start: VisualStudioCode: cgroups/cgfsng.c: mkdir_eexist_on_last: 
> > > 1219 File exists - Failed to create directory 
> > > "/sys/fs/cgroup/unified//lxc/VisualStudioCode-3" 
> > >   lxc-start: VisualStudioCode: cgroups/cgfsng.c: 
> > > create_path_for_hierarchy: 1243 Failed to create cgroup 
> > > "/sys/fs/cgroup/unified//lxc/VisualStudioCode-3" 
> > >   lxc-start: VisualStudioCode: cgroups/cgfsng.c: cgfsng_payload_create: 
> > > 1321 Failed to create cgroup 
> > > "/sys/fs/cgroup/unified//lxc/VisualStudioCode-3" 
> > >   lxc-start: VisualStudioCode: cgroups/cgfsng.c: mkdir_eexist_on_last: 
> > > 1219 File exists - Failed to create directory 
> > > "/sys/fs/cgroup/unified//lxc/VisualStudioCode-4" 
> > >   lxc-start: VisualStudioCode: cgroups/cgfsng.c: 
> > > create_path_for_hierarchy: 1243 Failed to create cgroup 
> > > "/sys/fs/cgroup/unified//lxc/VisualStudioCode-4"
> > >   lxc-start: VisualStudioCode: cgroups/cgfsng.c: cgfsng_payload_create: 
> > > 1321 Failed to create cgroup 
> > > "/sys/fs/cgroup/unified//lxc/VisualStudioCode-4" 
> > >   lxc-start: VisualStudioCode: conf.c: lxc_map_ids: 3023 newuidmap failed 
> > > to write mapping "newuidmap: uid range [0-1000) -> [100000-101000) not 
> > > allowed": newuidmap 26576 0 100000 1000 1000 1000 1 1001 101001 64535 
> > >   lxc-start: VisualStudioCode: start.c: lxc_spawn: 1720 Failed to set up 
> > > id mapping.
> > 
> > This is probably because you'd need /etc/subid and /etc/subgid
> > mappings for the root user to use your ranges.  But it's best
> > to get it running as non-root.
> 
> Those files does not even exist. Should I create them manually or are
> they part of the lxc installation?

Try running

sudo usermod -v 100000-200000 -w 100000-200000 peter

does that result in /etc/subuid and /etc/subgid containing something
like

peter:100000:100000

?

> I also notice that in the output above there are two / in the paths
> after unified. Is that only in the output or is it an error?

_Probably_ an error in lxc's output.

> > >   lxc-start: VisualStudioCode: start.c: __lxc_start: 1951 Failed to spawn 
> > > container "VisualStudioCode"
> > >   lxc-start: VisualStudioCode: conf.c: lxc_map_ids: 3023 newuidmap failed 
> > > to write mapping "newuidmap: uid range [0-1000) -> [100000-101000) not 
> > > allowed": newuidmap 26612 0 100000 1000 65536 0 1
> > >   lxc-start: VisualStudioCode: conf.c: userns_exec_1: 4391 Error setting 
> > > up {g,u}id mappings for child process "26612"
> > >   lxc-start: VisualStudioCode: tools/lxc_start.c: main: 330 The container 
> > > failed to start
> > >   lxc-start: VisualStudioCode: tools/lxc_start.c: main: 336 Additional 
> > > information can be obtained by setting the --logfile and --logpriority 
> > > options
> > > 
> > > I am running Debian Buster with lxc version 3.1.0.
> > > 
> > > Obviously I am doing something wrong in my configuration or how I use lxc.
> > > 
> > > Any help would be appreciated.
> > > 
> > > Best regards,
> > > Peter Carlsson
> 
> Thanks for your help!
> 
> /Peter
> _______________________________________________
> lxc-users mailing list
> lxc-users@lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
_______________________________________________
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Reply via email to