On Wed, Feb 10, 2021 at 12:10:18PM +0100, Peter Carlsson wrote:
> On Tue, Feb 09, 2021 at 10:59:56PM -0600, Serge E. Hallyn wrote:
> > On Sun, Feb 07, 2021 at 11:19:57PM +0100, Peter Carlsson wrote:
> > > Hello!
> > >
> > > I am new to lxc and just signed up to this mailing list.
> > >
> > > As root I have created a lxc container and installed code-insiders to
> >
> > How did you create it as root, exactly?
>
> lxc-create -t download -n VisualStudioCode -- -d debian -r buster -a amd64
If you did that as root, it should create the container under
/var/lib/lxc/VisualStudioCode .
> > > run Visual Studio Code inside the container.
> > >
> > > After reading an article I added the following lines to the containers
> > > config and verified that the UID/GID match host user UID/GID:
So you added this to /var/lib/lxc/VisualStudioCode/config ?
> > > # Container's UID/GID 0-65535 are mapped to host's 100000-165535,
> > > # but UID/GID 1000 on the container is mapped to host's UID/GID 1000.
> > > lxc.idmap = u 0 100000 1000
> > > lxc.idmap = g 0 100000 1000
> > > lxc.idmap = u 1000 1000 1
> > > lxc.idmap = g 1000 1000 1
> > > lxc.idmap = u 1001 101001 64535
> > > lxc.idmap = g 1001 101001 64535
> > >
> > > When I try as user with UID 1000 to start the container I get:
> > >
> > > lxc-start -n VisualStudioCode -F
> > > lxc-start: VisualStudioCode: tools/lxc_start.c: main: 214 You lack
> > > access to /home/peter/.local/share/lxc
> > Check the ownership and permissions on each directory in the path
> > /home/peter/.local/share/lxc
> > Give them all o+x so that your subuids can descend them.
>
> Both /home/peter/.local/share/lxc and /root/.local/share/lxc does not
> exist.
If you want to run the container unprivileged, and you should, then
the easiest way is to create the container unprivileged from the
start, that is, as your non-root user.
> > > When I try as root to start the container I get:
> > >
> > > lxc-start -n VisualStudioCode -F
> > > lxc-start: VisualStudioCode: cgroups/cgfsng.c: mkdir_eexist_on_last:
> > > 1219 File exists - Failed to create directory
> > > "/sys/fs/cgroup/unified//lxc/VisualStudioCode"
> > > lxc-start: VisualStudioCode: cgroups/cgfsng.c:
> > > create_path_for_hierarchy: 1243 Failed to create cgroup
> > > "/sys/fs/cgroup/unified//lxc/VisualStudioCode"
> > > lxc-start: VisualStudioCode: cgroups/cgfsng.c: cgfsng_payload_create:
> > > 1321 Failed to create cgroup
> > > "/sys/fs/cgroup/unified//lxc/VisualStudioCode"
> > > lxc-start: VisualStudioCode: cgroups/cgfsng.c: mkdir_eexist_on_last:
> > > 1219 File exists - Failed to create directory
> > > "/sys/fs/cgroup/unified//lxc/VisualStudioCode-1"
> > > lxc-start: VisualStudioCode: cgroups/cgfsng.c:
> > > create_path_for_hierarchy: 1243 Failed to create cgroup
> > > "/sys/fs/cgroup/unified//lxc/VisualStudioCode-1"
> > > lxc-start: VisualStudioCode: cgroups/cgfsng.c: cgfsng_payload_create:
> > > 1321 Failed to create cgroup
> > > "/sys/fs/cgroup/unified//lxc/VisualStudioCode-1"
> > > lxc-start: VisualStudioCode: cgroups/cgfsng.c: mkdir_eexist_on_last:
> > > 1219 File exists - Failed to create directory
> > > "/sys/fs/cgroup/unified//lxc/VisualStudioCode-2"
> > > lxc-start: VisualStudioCode: cgroups/cgfsng.c:
> > > create_path_for_hierarchy: 1243 Failed to create cgroup
> > > "/sys/fs/cgroup/unified//lxc/VisualStudioCode-2"
> > > lxc-start: VisualStudioCode: cgroups/cgfsng.c: cgfsng_payload_create:
> > > 1321 Failed to create cgroup
> > > "/sys/fs/cgroup/unified//lxc/VisualStudioCode-2"
> > > lxc-start: VisualStudioCode: cgroups/cgfsng.c: mkdir_eexist_on_last:
> > > 1219 File exists - Failed to create directory
> > > "/sys/fs/cgroup/unified//lxc/VisualStudioCode-3"
> > > lxc-start: VisualStudioCode: cgroups/cgfsng.c:
> > > create_path_for_hierarchy: 1243 Failed to create cgroup
> > > "/sys/fs/cgroup/unified//lxc/VisualStudioCode-3"
> > > lxc-start: VisualStudioCode: cgroups/cgfsng.c: cgfsng_payload_create:
> > > 1321 Failed to create cgroup
> > > "/sys/fs/cgroup/unified//lxc/VisualStudioCode-3"
> > > lxc-start: VisualStudioCode: cgroups/cgfsng.c: mkdir_eexist_on_last:
> > > 1219 File exists - Failed to create directory
> > > "/sys/fs/cgroup/unified//lxc/VisualStudioCode-4"
> > > lxc-start: VisualStudioCode: cgroups/cgfsng.c:
> > > create_path_for_hierarchy: 1243 Failed to create cgroup
> > > "/sys/fs/cgroup/unified//lxc/VisualStudioCode-4"
> > > lxc-start: VisualStudioCode: cgroups/cgfsng.c: cgfsng_payload_create:
> > > 1321 Failed to create cgroup
> > > "/sys/fs/cgroup/unified//lxc/VisualStudioCode-4"
> > > lxc-start: VisualStudioCode: conf.c: lxc_map_ids: 3023 newuidmap failed
> > > to write mapping "newuidmap: uid range [0-1000) -> [100000-101000) not
> > > allowed": newuidmap 26576 0 100000 1000 1000 1000 1 1001 101001 64535
> > > lxc-start: VisualStudioCode: start.c: lxc_spawn: 1720 Failed to set up
> > > id mapping.
> >
> > This is probably because you'd need /etc/subid and /etc/subgid
> > mappings for the root user to use your ranges. But it's best
> > to get it running as non-root.
>
> Those files does not even exist. Should I create them manually or are
> they part of the lxc installation?
Try running
sudo usermod -v 100000-200000 -w 100000-200000 peter
does that result in /etc/subuid and /etc/subgid containing something
like
peter:100000:100000
?
> I also notice that in the output above there are two / in the paths
> after unified. Is that only in the output or is it an error?
_Probably_ an error in lxc's output.
> > > lxc-start: VisualStudioCode: start.c: __lxc_start: 1951 Failed to spawn
> > > container "VisualStudioCode"
> > > lxc-start: VisualStudioCode: conf.c: lxc_map_ids: 3023 newuidmap failed
> > > to write mapping "newuidmap: uid range [0-1000) -> [100000-101000) not
> > > allowed": newuidmap 26612 0 100000 1000 65536 0 1
> > > lxc-start: VisualStudioCode: conf.c: userns_exec_1: 4391 Error setting
> > > up {g,u}id mappings for child process "26612"
> > > lxc-start: VisualStudioCode: tools/lxc_start.c: main: 330 The container
> > > failed to start
> > > lxc-start: VisualStudioCode: tools/lxc_start.c: main: 336 Additional
> > > information can be obtained by setting the --logfile and --logpriority
> > > options
> > >
> > > I am running Debian Buster with lxc version 3.1.0.
> > >
> > > Obviously I am doing something wrong in my configuration or how I use lxc.
> > >
> > > Any help would be appreciated.
> > >
> > > Best regards,
> > > Peter Carlsson
>
> Thanks for your help!
>
> /Peter
> _______________________________________________
> lxc-users mailing list
> [email protected]
> http://lists.linuxcontainers.org/listinfo/lxc-users
_______________________________________________
lxc-users mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-users
