Cannot run command using lxc-attach, despite being a (working) unprivileged container

Problem

When running these commands, with the intention of running commands without entering into a shell, I get the following errors.

# lxc-attach -n vpnLxc -- ls
lxc-attach: vpnLxc: tools/lxc_attach.c: main: 302 You lack access to /home/user/.local/share/lxc

# sudo lxc-attach -n vpnLxc -- ls
lxc-attach: vpnLxc: attach.c: get_attach_context: 405 Connection refused - Failed to get init pid
lxc-attach: vpnLxc: attach.c: lxc_attach: 1469 Connection refused - Failed to get attach context

I’m at a loss as to why this may be the case. Any ideas?

Context

I have the following unprivileged container, which is working fine (I can log in, it’s running the web services I need, etc).

# lxc config show --expanded vpnLxc
architecture: x86_64
config:
  image.architecture: amd64
  image.description: ubuntu 20.04 LTS amd64 (release) (20210927)
  image.label: release
  image.os: ubuntu
  image.release: focal
  image.serial: "20210927"
  image.type: squashfs
  image.version: "20.04"
  volatile.base_image: 56296ba81a6fb502c634697a840d7957c3d2aa1a1805820e605ed21475058851
  volatile.eth0.host_name: vethc6de36da
  volatile.eth0.hwaddr: 00:16:3e:f5:23:7a
  volatile.idmap.base: "0"
  volatile.idmap.current: '[{"Isuid":true,"Isgid":false,"Hostid":100000,"Nsid":0,"Maprange":65536},{"Isuid":false,"Isgid":true,"Hostid":100000,"Nsid":0,"Maprange":65536}]'
  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":100000,"Nsid":0,"Maprange":65536},{"Isuid":false,"Isgid":true,"Hostid":100000,"Nsid":0,"Maprange":65536}]'
  volatile.last_state.idmap: '[{"Isuid":true,"Isgid":false,"Hostid":100000,"Nsid":0,"Maprange":65536},{"Isuid":false,"Isgid":true,"Hostid":100000,"Nsid":0,"Maprange":65536}]'
  volatile.last_state.power: RUNNING
  volatile.uuid: d7bc7358-b05f-46dc-95a1-51a28c30f553
devices:
  eth0:
    name: eth0
    nictype: bridged
    parent: br0
    type: nic
  root:
    path: /
    pool: lxcDefaultPool
    type: disk
  shareFolder:
    path: /home/ubuntu/media
    source: /home/share_user/media
    type: disk
ephemeral: false
profiles:
- default
stateful: false
description: ""

Did you get a solution to this? I have the same problem.

I noticed your user id map range is 65k; the source help points to expanding it beyond that.

$ ssh IP returns connection refused, where IP is the value reported by lxc list for the container. $ ping IP returns a very quick response, sub ms.

Is this for LXC or LXD? The original post seemed to be confusing the two different systems.

What is the problem you have?

You cannot use lxc-attach to enter an LXD container.
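The distinction in the reply above, as an added shell example that is not part of the original thread: LXD instances are only visible to the LXD client (`lxc ...`), while classic LXC containers are only visible to the `lxc-*` tools, so a wrapper can probe both and pick the matching command. The function names `container_manager` and `container_run` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): pick the right tool for running a
# command inside a container, depending on which manager owns it.

# Print "lxd", "lxc" or "unknown" for the container named $1.
container_manager() {
    name=$1
    # "lxc info NAME" succeeds only if the LXD daemon knows the instance.
    if command -v lxc >/dev/null 2>&1 && lxc info "$name" >/dev/null 2>&1; then
        echo lxd
    # "lxc-info -n NAME" succeeds only if NAME exists in the caller's lxcpath.
    elif command -v lxc-info >/dev/null 2>&1 && lxc-info -n "$name" >/dev/null 2>&1; then
        echo lxc
    else
        echo unknown
    fi
}

# Run "$@" inside container $1 without opening an interactive shell.
container_run() {
    name=$1
    shift
    case $(container_manager "$name") in
        lxd) lxc exec "$name" -- "$@" ;;
        lxc) lxc-attach -n "$name" -- "$@" ;;
        *)
            echo "container '$name' not found in LXD or LXC" >&2
            return 1
            ;;
    esac
}

# Usage: container_run vpnLxc ls
```

For the container in this thread, which was created through LXD, the wrapper ends up calling `lxc exec vpnLxc -- ls`.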

Agreed, I was confused by the fact that you run lxc cmd for LXD and lxc-cmd for LXC specifically. Or at least that is the pattern I’m starting to figure out as I peel another layer of the documentation onion.

I also figured out that how you connect to an LXD container is substantially different from an LXC container, using "How to connect to lxd container – ServerOK". I was then able to install openssh-server so ssh works.

I thought my problem was the same as the original poster's, but I see now that, while similar, I was likely just hijacking the thread, which I’ll stop doing now.
