Unable to configure raw.id_map with multiple entries
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
lxc (Ubuntu) | Fix Released | Undecided | Christian Brauner |
lxd (Ubuntu) | Invalid | Undecided | Christian Brauner |
Bug Description
I am trying to map two users (999, 1001) to one of my containers. I added both IDs to /etc/subgid and /etc/subuid. I followed by setting raw.id_map property value (as instructed here https:/
"echo -e "both 999 999\nboth 1001 1001" | lxc config set mycontainer raw.idmap -"
However, upon starting the container, I get errors (log excerpt below). If, on the other hand, I set idmap to either "both 999 999" or "both 1001 1001" only - i.e. if I map only one user at a time, the container starts just fine and the user is mapped as expected.
My subgid and subuid look as follows:
lxd:100000:65536
root:100000:65536
root:1001:1
root:999:1
Log excerpt:
Name: mycontainer
Remote: unix:/var/
Architecture: x86_64
Created: 2017/02/22 18:54 UTC
Status: Stopped
Type: persistent
Profiles: default
Log:
lxc 20170519204102.895 ERROR lxc_cgfsng - cgroups/
lxc 20170519204102.896 ERROR lxc_cgfsng - cgroups/
lxc 20170519204102.897 ERROR lxc_cgfsng - cgroups/
lxc 20170519204102.897 ERROR lxc_cgfsng - cgroups/
lxc 20170519204102.897 ERROR lxc_cgfsng - cgroups/
lxc 20170519204102.898 ERROR lxc_cgfsng - cgroups/
lxc 20170519204102.898 ERROR lxc_cgfsng - cgroups/
lxc 20170519204102.898 ERROR lxc_cgfsng - cgroups/
lxc 20170519204102.898 ERROR lxc_cgfsng - cgroups/
lxc 20170519204102.898 ERROR lxc_cgfsng - cgroups/
lxc 20170519204102.899 ERROR lxc_cgfsng - cgroups/
lxc 20170519204102.899 ERROR lxc_cgfsng - cgroups/
lxc 20170519204102.899 ERROR lxc_cgfsng - cgroups/
lxc 20170519204102.899 ERROR lxc_cgfsng - cgroups/
lxc 20170519204102.900 ERROR lxc_cgfsng - cgroups/
lxc 20170519204102.900 ERROR lxc_cgfsng - cgroups/
lxc 20170519204102.900 ERROR lxc_cgfsng - cgroups/
lxc 20170519204102.900 ERROR lxc_cgfsng - cgroups/
lxc 20170519204102.901 ERROR lxc_cgfsng - cgroups/
lxc 20170519204102.901 ERROR lxc_cgfsng - cgroups/
lxc 20170519204102.901 ERROR lxc_cgfsng - cgroups/
lxc 20170519204102.901 ERROR lxc_cgfsng - cgroups/
lxc 20170519204102.123 ERROR lxc_conf - conf.c:
lxc 20170519204102.123 ERROR lxc_cgfsng - cgroups/
lxc 20170519204102.169 WARN lxc_conf - conf.c:
lxc 20170519204102.170 ERROR lxc_start - start.c:
lxc 20170519204102.764 ERROR lxc_conf - conf.c:
lxc 20170519204102.764 ERROR lxc_start - start.c:
lxc 20170519204102.764 WARN lxc_commands - commands.
lxc 20170519204102.764 WARN lxc_commands - commands.
lxc 20170519204102.770 ERROR lxc_conf - conf.c:
lxc 20170519204102.770 ERROR lxc_cgfsng - cgroups/
lxc 20170519204102.775 ERROR lxc_conf - conf.c:
lxc 20170519204102.775 ERROR lxc_cgfsng - cgroups/
lxc 20170519204102.781 ERROR lxc_conf - conf.c:
lxc 20170519204102.781 ERROR lxc_cgfsng - cgroups/
lxc 20170519204102.787 ERROR lxc_conf - conf.c:
lxc 20170519204102.787 ERROR lxc_cgfsng - cgroups/
lxc 20170519204102.793 ERROR lxc_conf - conf.c:
lxc 20170519204102.793 ERROR lxc_cgfsng - cgroups/
lxc 20170519204102.798 ERROR lxc_conf - conf.c:
lxc 20170519204102.798 ERROR lxc_cgfsng - cgroups/
lxc 20170519204102.803 ERROR lxc_conf - conf.c:
lxc 20170519204102.803 ERROR lxc_cgfsng - cgroups/
lxc 20170519204102.808 ERROR lxc_conf - conf.c:
lxc 20170519204102.808 ERROR lxc_cgfsng - cgroups/
lxc 20170519204102.813 ERROR lxc_conf - conf.c:
lxc 20170519204102.813 ERROR lxc_cgfsng - cgroups/
lxc 20170519204102.818 ERROR lxc_conf - conf.c:
lxc 20170519204102.818 ERROR lxc_cgfsng - cgroups/
lxc 20170519204102.823 ERROR lxc_conf - conf.c:
lxc 20170519204102.823 ERROR lxc_cgfsng - cgroups/
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: lxd 2.0.9-0ubuntu1~
ProcVersionSign
Uname: Linux 4.4.0-77-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.5
Architecture: amd64
Date: Fri May 19 16:42:04 2017
InstallationDate: Installed on 2016-07-28 (295 days ago)
InstallationMedia: Ubuntu-Server 16.04.1 LTS "Xenial Xerus" - Release amd64 (20160719)
ProcEnviron:
SHELL=/bin/bash
TERM=xterm
PATH=(custom, no user)
LANG=en_US.UTF-8
SourcePackage: lxd
UpgradeStatus: No upgrade log present (probably fresh install)
Changed in lxd (Ubuntu): status: In Progress → Fix Committed
Changed in lxc (Ubuntu): status: New → Fix Committed; assignee: nobody → Christian Brauner (cbrauner)
Changed in lxc (Ubuntu): status: Fix Committed → Fix Released
So the reason why this happens is that internally the id mapping you requested will look like this:
NSID HOSTID RANGE
0 1000000 999
999 999 1
1000 1001000 1
1001 1001 1
1002 1001002 999998998
However, the mappings don't include a mapping for UID 0 with which LXD sets up the container. LXC will internally add the missing mapping for UID 0 which means you are trying to write 6 mappings to the corresponding files in proc. But user namespaces currently enforce a limit of 5 limits.
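The arithmetic in the comment above can be checked before starting a container. This is an added example, not LXD or LXC code: it splits a base range around each raw.idmap entry and counts the resulting extents against the limit of 5. The function names, the `<type> <host id> <container id>` field order, single-ID entries only, and the one extra mapping added by LXC are assumptions taken from the report and the comment.

```python
KERNEL_MAX_EXTENTS = 5   # per-file limit stated in the comment above
LXC_EXTRA_EXTENTS = 1    # mapping the comment says LXC adds on its own

def parse_raw_idmap(text):
    """Parse 'uid|gid|both <host id> <container id>' lines (single IDs only)."""
    maps = {"uid": [], "gid": []}
    for line in text.splitlines():
        if not line.strip():
            continue
        kind, host, cont = line.split()
        if kind not in ("uid", "gid", "both"):
            raise ValueError(f"unknown map type: {kind!r}")
        for k in ("uid", "gid") if kind == "both" else (kind,):
            maps[k].append((int(cont), int(host)))
    return maps

def split_base(base, passthrough):
    """Punch single-ID holes into base = (nsid, hostid, count); return extents."""
    nsid, hostid, count = base
    end, cursor, extents = nsid + count, nsid, []
    for cid, hid in sorted(passthrough):
        if not cursor <= cid < end:
            raise ValueError(f"container id {cid} duplicated or outside base range")
        if cid > cursor:  # part of the base range in front of the hole
            extents.append((cursor, hostid + cursor - nsid, cid - cursor))
        extents.append((cid, hid, 1))
        cursor = cid + 1
    if cursor < end:  # remainder of the base range after the last hole
        extents.append((cursor, hostid + cursor - nsid, end - cursor))
    return extents

def check(text, base):
    """Return {kind: (extents, total_written, fits_kernel_limit)}."""
    report = {}
    for kind, entries in parse_raw_idmap(text).items():
        extents = split_base(base, entries)
        total = len(extents) + LXC_EXTRA_EXTENTS
        report[kind] = (extents, total, total <= KERNEL_MAX_EXTENTS)
    return report

if __name__ == "__main__":
    BASE = (0, 1000000, 1000000000)  # base range implied by the table above
    for cfg in ("both 999 999", "both 999 999\nboth 1001 1001"):
        extents, total, ok = check(cfg, BASE)["uid"]
        print(f"{cfg!r}: {total} extents -> {'ok' if ok else 'over limit'}")
        for e in extents:
            print("   %d %d %d" % e)
```

Linux 4.15 and later raised the per-file limit to 340 extents, so `KERNEL_MAX_EXTENTS` should be adjusted when checking hosts on newer kernels than the 4.4 one in this report.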