Bug? 'newgidmap: write to gid_map failed: Invalid argument'

I’m just trying to set some group mappings on a testbed system running Debian Bookworm and am seeing the following error from a valid (I think) configuration:

newgidmap failed to write mapping "newgidmap: write to gid_map failed: Invalid argument": newgidmap 8256 1000 1000 1 0 362147 65536

The mappings in the container config are:

lxc.idmap = u 0 362147 65536
lxc.idmap = g 1000 1000 1
lxc.idmap = g 0 362147 65536

And /etc/subgid contains:

root:165536:1000001
root:1000:1

Am I doing something wrong maybe, or have I found a bug?

root@alpha61:~# dpkg -l uidmap
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name           Version           Architecture Description
+++-==============-=================-============-=================================
ii  uidmap         1:4.13+dfsg1-1+b1 amd64        programs to help use subuids

Hi @unaszplodr

No, it’s not a bug.

The kernel tells you EINVAL, and it’s because your GID ranges are intersecting inside the user namespace. You have a mapping from 1000 (inside) to 1000 (outside) and at the same time 1000 (inside) lies in the [0, 65536] set (from g 0 362147 65536).

You can try something like this:

lxc.idmap = u 0 362147 65536
lxc.idmap = g 0 362147 999
lxc.idmap = g 1000 1000 1
lxc.idmap = g 1001 363146 64536

(not tested!)

1 Like
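The overlap rule described in the answer above can be checked before the container is started. The following is an added example, not part of the original posts and not code from LXC or shadow: it parses `lxc.idmap` lines, reports entries whose inside (container) or outside (host) ranges intersect, which is the condition the kernel rejects with EINVAL, and also lists container IDs left unmapped. The function names and the 65536 upper limit are assumptions made for the illustration.

```python
# Added example: validate lxc.idmap entries before newgidmap writes gid_map.
# Both configurations are copied from this thread.
ORIGINAL = """\
lxc.idmap = u 0 362147 65536
lxc.idmap = g 1000 1000 1
lxc.idmap = g 0 362147 65536
"""
SUGGESTED = """\
lxc.idmap = u 0 362147 65536
lxc.idmap = g 0 362147 999
lxc.idmap = g 1000 1000 1
lxc.idmap = g 1001 363146 64536
"""

def parse_idmap(config, kind="g"):
    """Return [(inside, outside, count)] for lxc.idmap lines of one kind (u or g)."""
    maps = []
    for line in config.splitlines():
        key, _, value = line.partition("=")
        if key.strip() != "lxc.idmap":
            continue
        k, inside, outside, count = value.split()
        if k == kind:
            maps.append((int(inside), int(outside), int(count)))
    return maps

def overlaps(maps):
    """Pairs of entries whose inside or outside ranges intersect (kernel: EINVAL)."""
    found = []
    for i, a in enumerate(maps):
        for b in maps[i + 1:]:
            if a[0] < b[0] + b[2] and b[0] < a[0] + a[2]:
                found.append(("inside", a, b))
            if a[1] < b[1] + b[2] and b[1] < a[1] + a[2]:
                found.append(("outside", a, b))
    return found

def unmapped(maps, limit=65536):
    """Inclusive (first, last) gaps of container IDs below limit with no mapping."""
    gaps, nxt = [], 0
    for inside, _, count in sorted(maps):
        if nxt < inside and nxt < limit:
            gaps.append((nxt, min(inside, limit) - 1))
        nxt = max(nxt, inside + count)
    if nxt < limit:
        gaps.append((nxt, limit - 1))
    return gaps

if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        maps = parse_idmap(cfg)
        print(name, "overlaps:", overlaps(maps), "unmapped:", unmapped(maps))
```

Run on the two configurations from this thread, it reports one inside-range overlap for the original and none for the suggested mapping, where container GID 999 is left unmapped.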

Ahhh! I see. Thank you!