Cannot run command using lxc-attach, despite being a (working) unprivileged container


When running these commands, with the intention of running commands without entering into a shell, I get the following errors.

# lxc-attach -n vpnLxc -- ls
lxc-attach: vpnLxc: tools/lxc_attach.c: main: 302 You lack access to /home/user/.local/share/lxc

# sudo lxc-attach -n vpnLxc -- ls
lxc-attach: vpnLxc: attach.c: get_attach_context: 405 Connection refused - Failed to get init pid
lxc-attach: vpnLxc: attach.c: lxc_attach: 1469 Connection refused - Failed to get attach context

I’m at a loss why this may be the case, any ideas?


I have the following unprivileged container, which is working fine (I can log in, it’s running the web services I need, etc).

# lxc config show --expanded vpnLxc
architecture: x86_64
  image.architecture: amd64
  image.description: ubuntu 20.04 LTS amd64 (release) (20210927)
  image.label: release
  image.os: ubuntu
  image.release: focal
  image.serial: "20210927"
  image.type: squashfs
  image.version: "20.04"
  volatile.base_image: 56296ba81a6fb502c634697a840d7957c3d2aa1a1805820e605ed21475058851
  volatile.eth0.host_name: vethc6de36da
  volatile.eth0.hwaddr: 00:16:3e:f5:23:7a
  volatile.idmap.base: "0"
  volatile.idmap.current: '[{"Isuid":true,"Isgid":false,"Hostid":100000,"Nsid":0,"Maprange":65536},{"Isuid":false,"Isgid":true,"Hostid":100000,"Nsid":0,"Maprange":65536}]' '[{"Isuid":true,"Isgid":false,"Hostid":100000,"Nsid":0,"Maprange":65536},{"Isuid":false,"Isgid":true,"Hostid":100000,"Nsid":0,"Maprange":65536}]'
  volatile.last_state.idmap: '[{"Isuid":true,"Isgid":false,"Hostid":100000,"Nsid":0,"Maprange":65536},{"Isuid":false,"Isgid":true,"Hostid":100000,"Nsid":0,"Maprange":65536}]'
  volatile.last_state.power: RUNNING
  volatile.uuid: d7bc7358-b05f-46dc-95a1-51a28c30f553
    name: eth0
    nictype: bridged
    parent: br0
    type: nic
    path: /
    pool: lxcDefaultPool
    type: disk
    path: /home/ubuntu/media
    source: /home/share_user/media
    type: disk
ephemeral: false
- default
stateful: false
description: ""

Did you get a solution to this? I have the same problem.

I noticed your user id map range is 65k, the source help points to expanding it beyond that.

$ ssh IP returns connection refused, where IP is the value reported by lxc list for the container. $ ping IP returns a very quick response, sub ms.

Is this for LXC or LXD, as the original post seemed to be confusing the two different systems.

What is the problem you have?

You cannot use lxc-attach to enter a LXD container.

Agree I was confused by the fact that you run lxc cmd for lxd and lxc-cmd for lxc specific. Or at least that is the pattern I’m starting to figure out as I peel another layer of the documentation onion.

I also figured out how to connect to an LXD container is substantially different than LXC container using How to connect to lxd container – ServerOK. I was then able to install openssh-server so ssh works.

Thought my problem was the same as the original poster, but see now that while similar I was likely just hijacking the thread which I’ll stop doing now.

1 Like