After publishing image, and launching container from that image, file sharing permissions do not work

Hello,

I have a raw.idmap: "both 1000 1000" statement on my lxc profile, and I can mount directories happily.

But if I publish an image from that container, then launch a container from that image, files are mounted with the nobody user. I understand that publishing an image / launching a new container from that image causes some statements in the profile to get lost?

Which statements/settings do get lost when an image is published?

Best Regards,
C.

Can you show lxc config show --expanded of the source container as well as the newly created container?

Hello,

The profile info from the old published container does not go to the newly created container.
Not only raw.idmap but the ethernet config, etc. are also gone.

I launch the new container by: lxc launch image_alias new_container_name
i.e. I don't use the --profile… I was thinking it would get this data from the published container.

Best regards,
C

This is the config of the newly created container:

architecture: x86_64
config:
  image.architecture: x86_64
  image.description: Ubuntu 20.04 LTS server (20210119.1)
  image.os: ubuntu
  image.release: focal
  volatile.base_image: a81046522c6f179defd4059324c7e9b451f7b67ac8c3aeb2d2af39c0239430b6
  volatile.eth0.host_name: veth8476774d
  volatile.eth0.hwaddr: 00:16:3e:b0:ad:0d
  volatile.idmap.base: "0"
  volatile.idmap.current: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.last_state.idmap: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.last_state.power: RUNNING
  volatile.uuid: eb37d7e2-a664-4c76-b6aa-fe0b2ab73047
devices:
  eth0:
    name: eth0
    network: lxdbr0
    type: nic
  root:
    path: /
    pool: default
    type: disk
ephemeral: false
profiles:
- default
stateful: false
description: ""

and previously created container:

architecture: x86_64
config:
  environment.DISPLAY: :0
  image.architecture: amd64
  image.description: ubuntu 20.04 LTS amd64 (release) (20210119.1)
  image.label: release
  image.os: ubuntu
  image.release: focal
  image.serial: "20210119.1"
  image.type: squashfs
  image.version: "20.04"
  nvidia.driver.capabilities: all
  nvidia.runtime: "true"
  raw.idmap: both 1000 1000
  user.user-data: |
    #cloud-config
    package_update: yes
    package_upgrade: yes
    packages:
    - net-tools
    - bridge-utils
    - x11-apps
    - mesa-utils
    - libnss-mdns
    - gnuplot-nox
    - ffmpeg
    - xvfb
    runcmd:
    - [sh, '-c', 'rm -rf /var/lib/apt/lists/*']
  volatile.base_image: 690801402e1d4e02c07ba2d1a29bb9a9b4825f037c12ccad8cb4d062d2450d2c
  volatile.eth0.hwaddr: 00:16:3e:e9:14:2e
  volatile.eth0.name: eth0
  volatile.idmap.base: "0"
  volatile.idmap.current: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000},{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":1000,"Maprange":1},{"Isuid":true,"Isgid":false,"Hostid":1001001,"Nsid":1001,"Maprange":999998999},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000},{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":1000,"Maprange":1},{"Isuid":false,"Isgid":true,"Hostid":1001001,"Nsid":1001,"Maprange":999998999}]'
  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000},{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":1000,"Maprange":1},{"Isuid":true,"Isgid":false,"Hostid":1001001,"Nsid":1001,"Maprange":999998999},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000},{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":1000,"Maprange":1},{"Isuid":false,"Isgid":true,"Hostid":1001001,"Nsid":1001,"Maprange":999998999}]'
  volatile.last_state.idmap: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000},{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":1000,"Maprange":1},{"Isuid":true,"Isgid":false,"Hostid":1001001,"Nsid":1001,"Maprange":999998999},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000},{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":1000,"Maprange":1},{"Isuid":false,"Isgid":true,"Hostid":1001001,"Nsid":1001,"Maprange":999998999}]'
  volatile.last_state.power: STOPPED
  volatile.uuid: c09a4e66-3c2f-4c5e-8bf7-4ebe4b63b067
devices:
  X0:
    bind: container
    connect: unix:@/tmp/.X11-unix/X1
    listen: unix:@/tmp/.X11-unix/X0
    security.gid: "1000"
    security.uid: "1000"
    type: proxy
  eth0:
    nictype: macvlan
    parent: enp63s0
    type: nic
  mygpu:
    type: gpu
  root:
    path: /
    pool: default
    type: disk
ephemeral: false
profiles:
- gazebo-noetic
stateful: false
description: ""

Your new container was created using the default profile, while your old one is using the gazebo-noetic profile; this is likely the source of the difference in your configs.

Images do not hold configuration or profile data, they only hold a root filesystem and some properties used for search/indexing purposes.

We don’t want images to be able to hold configuration as that would allow for someone to publish a harmless looking image which then uses LXD configs to harm the host or steal user data.

So in your case, passing -p gazebo-noetic during lxc launch should do the trick.

There is one other thing you could do, which is to edit your image after creation using lxc image edit and change its default set of profiles to be gazebo-noetic.
This will then make lxc launch use that profile rather than default.
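The idmaps quoted in the two config dumps above are the whole story of the "nobody" ownership, and they can be checked offline before relaunching. The following is an added example, not code from the thread or from LXD: it parses a `volatile.idmap.current` value with the plain `json` module and answers the two questions a practitioner would ask, "which host id does container uid/gid N land on?" and "is my `raw.idmap` line actually in effect?". The two sample strings are the `volatile.idmap.current` values copied from the dumps above (with the forum's curly quotes turned back into plain JSON); the function names `parse_idmap`, `ns_to_host`, `host_to_ns` and `raw_idmap_honoured` are my own.

```python
import json

# Sample input copied from the thread's config dumps (quotes restored to plain JSON).
# New container, launched with the default profile: one uid range and one gid range,
# both mapping container ids 0..999999999 onto host ids 1000000 and up.
NEW_CONTAINER_IDMAP = (
    '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},'
    '{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
)
# Old container, using the gazebo-noetic profile with "raw.idmap: both 1000 1000":
# the big range is split so that container id 1000 maps 1:1 onto host id 1000.
OLD_CONTAINER_IDMAP = (
    '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000},'
    '{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":1000,"Maprange":1},'
    '{"Isuid":true,"Isgid":false,"Hostid":1001001,"Nsid":1001,"Maprange":999998999},'
    '{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000},'
    '{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":1000,"Maprange":1},'
    '{"Isuid":false,"Isgid":true,"Hostid":1001001,"Nsid":1001,"Maprange":999998999}]'
)


def parse_idmap(raw):
    """Parse the JSON string stored in volatile.idmap.current into a list of entries."""
    entries = json.loads(raw)
    for e in entries:
        # Fail loudly on anything that does not look like an LXD idmap entry.
        for key in ("Isuid", "Isgid", "Hostid", "Nsid", "Maprange"):
            if key not in e:
                raise ValueError(f"idmap entry missing {key!r}: {e}")
    return entries


def _applies(entry, kind):
    return entry["Isuid"] if kind == "uid" else entry["Isgid"]


def ns_to_host(idmap, nsid, kind="uid"):
    """Host id that container id `nsid` is written to disk as, or None if unmapped."""
    for e in idmap:
        if _applies(e, kind) and e["Nsid"] <= nsid < e["Nsid"] + e["Maprange"]:
            return e["Hostid"] + (nsid - e["Nsid"])
    return None


def host_to_ns(idmap, hostid, kind="uid"):
    """Container id that a file owned by host id `hostid` shows up as.

    None means the host id is outside every range, so inside the container the
    kernel presents it as the overflow id (65534, shown as nobody/nogroup), which is
    exactly the symptom reported in the thread.
    """
    for e in idmap:
        if _applies(e, kind) and e["Hostid"] <= hostid < e["Hostid"] + e["Maprange"]:
            return e["Nsid"] + (hostid - e["Hostid"])
    return None


def raw_idmap_honoured(idmap, line):
    """Check one raw.idmap line ("both 1000 1000", "uid 1000 1000", "gid 1000 1000")
    against the live idmap: the host id must be what the container id maps to."""
    kind, host, ns = line.split()
    host, ns = int(host), int(ns)
    kinds = ("uid", "gid") if kind == "both" else (kind,)
    if any(k not in ("uid", "gid") for k in kinds):
        raise ValueError(f"unknown raw.idmap kind {kind!r}")
    return all(ns_to_host(idmap, ns, k) == host for k in kinds)


if __name__ == "__main__":
    for label, raw in (("new (default profile)", NEW_CONTAINER_IDMAP),
                       ("old (gazebo-noetic)", OLD_CONTAINER_IDMAP)):
        idmap = parse_idmap(raw)
        print(f"{label}: container uid 1000 -> host uid {ns_to_host(idmap, 1000)}, "
              f"host uid 1000 -> container uid {host_to_ns(idmap, 1000)}, "
              f"'both 1000 1000' honoured: {raw_idmap_honoured(idmap, 'both 1000 1000')}")
```

Run it against the output of `lxc config get <container> volatile.idmap.current` on a real host to confirm, after relaunching with `-p gazebo-noetic`, that host uid 1000 maps to container uid 1000 rather than falling outside every range. The shifted default mapping is the isolation property Stéphane describes: an image cannot carry `raw.idmap` with it, because a published image that could widen the container's view of host uids would be a way to reach host-owned files.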