Cannot Create Kali LXD Containers with GUI support

I am trying to create an LXD Kali container with GUI support as described by their official documentation. However, I am getting the following error:

Creating gui-kali
Starting gui-kali
Error: Failed to run: /usr/bin/lxd forkstart gui-kali /var/lib/lxd/containers /var/log/lxd/gui-kali/lxc.conf: 
Try `lxc info --show-log local:gui-kali` for more info

Here’s my /var/log/lxd/gui-kali/lxc.conf:

lxc.log.file = /var/log/lxd/gui-kali/lxc.log
lxc.log.level = warn
lxc.console.buffer.size = auto
lxc.console.size = auto
lxc.console.logfile = /var/log/lxd/gui-kali/console.log
lxc.mount.auto = proc:rw sys:rw cgroup:mixed
lxc.autodev = 1
lxc.pty.max = 1024
lxc.mount.entry = /dev/fuse dev/fuse none bind,create=file,optional 0 0
lxc.mount.entry = /dev/net/tun dev/net/tun none bind,create=file,optional 0 0
lxc.mount.entry = /proc/sys/fs/binfmt_misc proc/sys/fs/binfmt_misc none rbind,create=dir,optional 0 0
lxc.mount.entry = /sys/firmware/efi/efivars sys/firmware/efi/efivars none rbind,create=dir,optional 0 0
lxc.mount.entry = /sys/fs/fuse/connections sys/fs/fuse/connections none rbind,create=dir,optional 0 0
lxc.mount.entry = /sys/fs/pstore sys/fs/pstore none rbind,create=dir,optional 0 0
lxc.mount.entry = /sys/kernel/config sys/kernel/config none rbind,create=dir,optional 0 0
lxc.mount.entry = /sys/kernel/debug sys/kernel/debug none rbind,create=dir,optional 0 0
lxc.mount.entry = /sys/kernel/security sys/kernel/security none rbind,create=dir,optional 0 0
lxc.mount.entry = /sys/kernel/tracing sys/kernel/tracing none rbind,create=dir,optional 0 0
lxc.mount.entry = /dev/mqueue dev/mqueue none rbind,create=dir,optional 0 0
lxc.include = /usr/share/lxc/config/common.conf.d/
lxc.arch = linux64
lxc.hook.version = 1
lxc.hook.pre-start = /proc/628/exe callhook /var/lib/lxd "default" "gui-kali" start
lxc.hook.stop = /usr/bin/lxd callhook /var/lib/lxd "default" "gui-kali" stopns
lxc.hook.post-stop = /usr/bin/lxd callhook /var/lib/lxd "default" "gui-kali" stop
lxc.tty.max = 0
lxc.uts.name = gui-kali
lxc.mount.entry = /var/lib/lxd/devlxd dev/lxd none bind,create=dir 0 0
lxc.seccomp.profile = /var/lib/lxd/security/seccomp/gui-kali
lxc.idmap = u 0 1000000 1000
lxc.idmap = u 1000 1000 1
lxc.idmap = g 1000 1000 1
lxc.idmap = u 1001 1001001 999998999
lxc.idmap = g 0 1000000 1000
lxc.idmap = g 1001 1001001 999998999
lxc.environment = DISPLAY=:0
lxc.mount.auto = shmounts:/var/lib/lxd/shmounts/gui-kali:/dev/.lxd-mounts
lxc.net.0.name = eth0
lxc.net.0.type = phys
lxc.net.0.flags = up
lxc.net.0.link = vethe191e4d9
lxc.rootfs.path = dir:/var/lib/lxd/containers/gui-kali/rootfs
lxc.mount.entry = /var/lib/lxd/devices/gui-kali/disk.X0.tmp-.X11--unix-X0 tmp/.X11-unix/X0 none bind,create=file 0 0
lxc.mount.entry = /var/lib/lxd/devices/gui-kali/disk.PASocket.tmp-.pulse--native tmp/.pulse-native none bind,create=file 0 0
lxc.cgroup.devices.allow = c 226:0 rwm
lxc.cgroup.devices.allow = c 226:128 rwm
lxc.mount.entry = /var/lib/lxd/devices/gui-kali/unix.mygpu.dev-dri-card0 dev/dri/card0 none bind,create=file 0 0
lxc.mount.entry = /var/lib/lxd/devices/gui-kali/unix.mygpu.dev-dri-renderD128 dev/dri/renderD128 none bind,create=file 0 0

I guess it’s something to do with /etc/subgid and /etc/subuid.
Here’s my /etc/subgid:

root:1000000:1000000000
lxd:1000000:1000000000

Here’s my /etc/subuid:

root:1000000:1000000000
lxd:1000000:1000000000

Output of lxc info --show-log local:gui-kali is:

Name: gui-kali
Location: none
Remote: unix://
Architecture: x86_64
Created: 2021/01/11 11:04 UTC
Status: Stopped
Type: container
Profiles: default, gui

Log:

lxc gui-kali 20210111110428.247 WARN     cgfsng - cgroups/cgfsng.c:mkdir_eexist_on_last:1152 - File exists - Failed to create directory "/sys/fs/cgroup/cpuset//lxc.monitor.gui-kali"
lxc gui-kali 20210111110428.250 WARN     cgfsng - cgroups/cgfsng.c:mkdir_eexist_on_last:1152 - File exists - Failed to create directory "/sys/fs/cgroup/cpuset//lxc.payload.gui-kali"
lxc gui-kali 20210111110428.259 ERROR    conf - conf.c:lxc_map_ids:2864 - newuidmap failed to write mapping "newuidmap: uid range [1000-1001) -> [1000-1001) not allowed": newuidmap 34513 0 1000000 1000 1000 1000 1 1001 1001001 999998999
lxc gui-kali 20210111110428.259 ERROR    start - start.c:lxc_spawn:1726 - Failed to set up id mapping.
lxc gui-kali 20210111110428.259 ERROR    lxccontainer - lxccontainer.c:wait_on_daemonized_start:859 - Received container state "ABORTING" instead of "RUNNING"
lxc gui-kali 20210111110428.261 ERROR    start - start.c:__lxc_start:1999 - Failed to spawn container "gui-kali"
lxc gui-kali 20210111110428.261 WARN     start - start.c:lxc_abort:1012 - No such process - Failed to send SIGKILL via pidfd 30 for process 34513
lxc gui-kali 20210111110428.364 WARN     cgfsng - cgroups/cgfsng.c:cgfsng_monitor_destroy:1109 - Success - Failed to initialize cpuset /sys/fs/cgroup/cpuset//lxc.pivot/lxc.pivot
lxc 20210111110428.366 WARN     commands - commands.c:lxc_cmd_rsp_recv:124 - Connection reset by peer - Failed to receive response for command "get_state"

I am running EndeavourOS (64 bit) and my lxd version is 4.10.

Hi!

Indeed it is likely some issue with idmaps and the specific Linux distribution you are using.
Do you use the snap package of LXD? For the purposes of the GUI support in the container, you only need to idmap the desktop user (which you do not).

I wrote an updated guide for Kali + GUI. Tested using Ubuntu as the host. https://blog.simos.info/how-to-run-graphics-x11-applications-in-the-kali-lxd-container/
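
The idmap failure in the log can be checked offline. This is an added example, not part of the thread or of LXD: it tests each lxc.idmap line from the question against the posted /etc/subuid and /etc/subgid and reports the mappings whose host range is not delegated, which here is exactly the `[1000-1001)` range newuidmap rejected. It assumes the entries for `root` are the ones consulted (LXD started as root); the function names are hypothetical.

```python
import re

# Constructed from the lxc.conf, /etc/subuid and /etc/subgid posted in the question.
LXC_CONF = """\
lxc.idmap = u 0 1000000 1000
lxc.idmap = u 1000 1000 1
lxc.idmap = g 1000 1000 1
lxc.idmap = u 1001 1001001 999998999
lxc.idmap = g 0 1000000 1000
lxc.idmap = g 1001 1001001 999998999
"""
SUBUID = "root:1000000:1000000000\nlxd:1000000:1000000000\n"
SUBGID = SUBUID  # the question shows identical content for both files

def parse_idmap(conf):
    """Yield (kind, container_start, host_start, count) for each lxc.idmap line."""
    pat = r"^lxc\.idmap\s*=\s*([ug])\s+(\d+)\s+(\d+)\s+(\d+)\s*$"
    for m in re.finditer(pat, conf, re.M):
        yield m.group(1), int(m.group(2)), int(m.group(3)), int(m.group(4))

def delegated(subid_text, owner):
    """Return [(start, end_exclusive)] ranges delegated to owner."""
    ranges = []
    for line in subid_text.splitlines():
        if not line.strip():
            continue
        name, start, count = line.strip().split(":")
        if name == owner:
            ranges.append((int(start), int(start) + int(count)))
    return ranges

def covered(start, end, ranges):
    """True if the host range [start, end) lies inside the union of ranges."""
    pos = start
    for lo, hi in sorted(ranges):
        if lo <= pos < hi:
            pos = hi
    return pos >= end

def rejected_mappings(conf, subuid, subgid, owner="root"):
    """List idmap entries whose host range the owner (assumed: root) may not map."""
    bad = []
    for kind, cstart, hstart, count in parse_idmap(conf):
        ranges = delegated(subuid if kind == "u" else subgid, owner)
        if not covered(hstart, hstart + count, ranges):
            bad.append((kind, cstart, hstart, count))
    return bad

if __name__ == "__main__":
    for entry in rejected_mappings(LXC_CONF, SUBUID, SUBGID):
        print("not delegated to root:", entry)
```

The two large ranges pass because they end exactly at 1000999999, the last ID delegated to root; only the single host ID 1000 (the desktop user) falls outside.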

Thank you for your reply. However, I must mention that I don’t have NVIDIA, hence I commented out the following:

#  nvidia.driver.capabilities: all
#  nvidia.runtime: "true" 

But still it failed with the same error. Also, I am using Endeavour OS, which is based on Arch. What are the necessary changes which I should be making? Sorry, I am new to this.