Let me know if I should start a new thread, but I’m having the same problem as is shown here, but I haven’t been able to resolve it in the same ways as you have.
OS: Arch Linux, uname -a:
Linux mongoes 5.18.1-arch1-1 #1 SMP PREEMPT_DYNAMIC Mon, 30 May 2022 17:53:11 +0000 x86_64 GNU/Linux
LXD: 5.2-1
I’ve created /etc/subuid and /etc/subgid with the following (which is different from what you’ve done, but I don’t have the lxd
user on my machine (is that a problem?), so I don’t see why it should be what you’ve put)
root:100000:65536
My /etc/lxc/default.conf is also:
lxc.net.0.type = empty
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
And in /etc/default/lxc, I have the same two lines, but after the rest of the autogenerated config file… As shown:
# LXC_AUTO - whether or not to start containers at boot
LXC_AUTO="true"
# BOOTGROUPS - What groups should start on bootup?
# Comma separated list of groups.
# Leading comma, trailing comma or embedded double
# comma indicates when the NULL group should be run.
# Example (default): boot the onboot group first then the NULL group
BOOTGROUPS="onboot,"
# SHUTDOWNDELAY - Wait time for a container to shut down.
# Container shutdown can result in lengthy system
# shutdown times. Even 5 seconds per container can be
# too long.
SHUTDOWNDELAY=5
# OPTIONS can be used for anything else.
# If you want to boot everything then
# options can be "-a" or "-a -A".
OPTIONS=
# STOPOPTS are stop options. The can be used for anything else to stop.
# If you want to kill containers fast, use -k
STOPOPTS="-a -A -s"
USE_LXC_BRIDGE="false" # overridden in lxc-net
[ ! -f /etc/default/lxc-net ] || . /etc/default/lxc-net
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
I have the exact same error as shown above when I try to launch it:
lxc u1 20220608195820.638 ERROR conf - conf.c:lxc_map_ids:3668 - newuidmap failed to write mapping "newuidmap: uid range [0-1000000000) -> [1000000-1001000000) not allowed": newuidmap 1848 0 1000000 1000000000
lxc u1 20220608195820.638 ERROR start - start.c:lxc_spawn:1791 - Failed to set up id mapping.
lxc u1 20220608195820.638 ERROR lxccontainer - lxccontainer.c:wait_on_daemonized_start:877 - Received container state "ABORTING" instead of "RUNNING"
lxc u1 20220608195820.639 ERROR start - start.c:__lxc_start:2074 - Failed to spawn container "u1"
lxc u1 20220608195820.639 WARN start - start.c:lxc_abort:1039 - No such process - Failed to send SIGKILL via pidfd 17 for process 1848
lxc 20220608195825.695 ERROR af_unix - af_unix.c:lxc_abstract_unix_recv_fds_iov:218 - Connection reset by peer - Failed to receive response
lxc 20220608195825.695 ERROR commands - commands.c:lxc_cmd_rsp_recv_fds:127 - Failed to receive file descriptors for command "get_state"
My system is also configured to allow unprivileged users to create user namespaces:
[root@mongoes sean]# sysctl kernel.unprivileged_userns_clone
kernel.unprivileged_userns_clone = 1
[root@mongoes sean]# sysctl user.max_user_namespaces
user.max_user_namespaces = 256331
And, what’s more, as shown here, I’ve delegated unprivileged cgroups by creating a systemd unit:
[root@mongoes sean]# cat /etc/systemd/system/user@1000.service.d/delegate.conf
[Service]
Delegate=cpu cpuset io memory pids
And yet after all this, the error remains.
I can’t even launch privileged containers, which has the exact same issue with the exact same error output:
[root@mongoes sean]# lxc start u1
Error: Failed to run: /usr/bin/lxd forkstart u1 /var/lib/lxd/containers /var/log/lxd/u1/lxc.conf:
Try `lxc info --show-log u1` for more info
[root@mongoes sean]# lxc info --show-log u1
Name: u1
Status: STOPPED
Type: container
Architecture: x86_64
Created: 2022/06/07 20:29 EDT
Last Used: 2022/06/08 16:09 EDT
Log:
lxc u1 20220608200932.469 ERROR conf - conf.c:lxc_map_ids:3668 - newuidmap failed to write mapping "newuidmap: uid range [0-1000000000) -> [1000000-1001000000) not allowed": newuidmap 2361 0 1000000 1000000000
lxc u1 20220608200932.469 ERROR start - start.c:lxc_spawn:1791 - Failed to set up id mapping.
lxc u1 20220608200932.469 ERROR lxccontainer - lxccontainer.c:wait_on_daemonized_start:877 - Received container state "ABORTING" instead of "RUNNING"
lxc u1 20220608200932.470 ERROR start - start.c:__lxc_start:2074 - Failed to spawn container "u1"
lxc u1 20220608200932.470 WARN start - start.c:lxc_abort:1039 - No such process - Failed to send SIGKILL via pidfd 17 for process 2361
lxc 20220608200937.502 ERROR af_unix - af_unix.c:lxc_abstract_unix_recv_fds_iov:218 - Connection reset by peer - Failed to receive response
lxc 20220608200937.502 ERROR commands - commands.c:lxc_cmd_rsp_recv_fds:127 - Failed to receive file descriptors for command "get_state"
Any idea what should be done?
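The "not allowed" in the log above is newuidmap refusing to write a host-side id range that is not fully covered by a range granted to the calling user in /etc/subuid. As an added example (not code from the post or from LXD/LXC), the script below re-implements that containment check, using the subuid line and the error line quoted above as constructed sample input; the owner-by-name matching and the `diagnose` helper are simplifications of my own.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample input: the /etc/subuid line and the LXC error line quoted in the post.
SUBUID_SAMPLE = "root:100000:65536\n"
ERROR_LINE = ('newuidmap failed to write mapping "newuidmap: uid range '
              '[0-1000000000) -> [1000000-1001000000) not allowed"')

Entry = Tuple[str, int, int]  # (owner, first host id, number of ids)


def parse_subid(text: str) -> List[Entry]:
    """Parse /etc/subuid or /etc/subgid content into (owner, start, count) tuples."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        owner, start, count = line.split(":")
        entries.append((owner, int(start), int(count)))
    return entries


def requested_host_range(log_line: str) -> Optional[Tuple[int, int]]:
    """Extract (host_start, count) from an LXC 'uid range [a-b) -> [c-d) not allowed' line."""
    m = re.search(r"range \[(\d+)-(\d+)\) -> \[(\d+)-(\d+)\)", log_line)
    if not m:
        return None
    _c_start, _c_end, h_start, h_end = (int(x) for x in m.groups())
    return h_start, h_end - h_start


def range_allowed(entries: List[Entry], owner: str, host_start: int, count: int) -> bool:
    """newuidmap's rule, simplified: the whole host range must sit inside a single
    range granted to the caller (owner matched by name only here; the real tool
    also accepts a numeric uid in that field)."""
    host_end = host_start + count
    return any(who == owner and start <= host_start and host_end <= start + cnt
               for who, start, cnt in entries)


def diagnose(subid_text: str, owner: str, log_line: str) -> str:
    """Explain a failed mapping and name the /etc/subuid entry that would cover it."""
    req = requested_host_range(log_line)
    if req is None:
        return "no uid-range error found in log line"
    host_start, count = req
    if range_allowed(parse_subid(subid_text), owner, host_start, count):
        return "mapping is covered by /etc/subuid; look elsewhere for the failure"
    return (f"host range [{host_start}-{host_start + count}) is not granted to "
            f"{owner}; a covering entry would be {owner}:{host_start}:{count}")
```

Run the same check against /etc/subgid with the "gid range" line, since newgidmap applies the identical rule.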