Container settings not restored as expected using lxc config edit

  1. I add some disk paths by lxc config device add:

    lxc config set trusty raw.idmap "both $UID 1000"
    lxc config device add trusty onedrive disk source=/mnt/HGST1/OneDrive path=/home/alvin/OneDrive
    lxc config device add trusty working disk source=/mnt/HGST1/Working path=/home/alvin/Working
    lxc config device add trusty repos disk source=/home/alvin/repos path=/home/alvin/repos
    lxc config device add trusty hgst2 disk source=/mnt/HGST2 path=/mnt/HGST2

  2. lxc config show trusty > old-config

  3. lxc delete trusty

  4. lxc init 6af0a0d3ae8a trusty

  5. lxc config edit trusty < old-config

  6. Launch lxc: user files in the home folder have incorrect owner/group nobody/nogroup; the mapping devices have the correct uid/gid 1000 though.

My exported config is listed below; what’s wrong with it?
If I do not use lxc config edit but do lxc config device add again, there’s no problem at all. I export the config again and see no differences.

    architecture: x86_64
    config:
      image.architecture: x86_64
      image.description: Ubuntu 14.04 LTS server (20180703)
      image.os: ubuntu
      image.release: trusty
      raw.idmap: both 1000 1000
      volatile.base_image: 644c2d77819fb48c6d8b9fa35bfe25d11cc759c3726c42eefe22e513a7e4d937
      volatile.eth0.hwaddr: 00:16:3e:a2:12:27
      volatile.idmap.base: "0"
      volatile.idmap.next: '[{"Isuid":true,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000},{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":1000,"Maprange":1},{"Isuid":true,"Isgid":true,"Hostid":1001001,"Nsid":1001,"Maprange":999998999}]'
      volatile.last_state.idmap: '[{"Isuid":true,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000},{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":1000,"Maprange":1},{"Isuid":true,"Isgid":true,"Hostid":1001001,"Nsid":1001,"Maprange":999998999}]'
      volatile.last_state.power: STOPPED
    devices:
      hgst2:
        path: /mnt/HGST2
        source: /mnt/HGST2
        type: disk
      onedrive:
        path: /home/alvin/OneDrive
        source: /mnt/HGST1/OneDrive
        type: disk
      repos:
        path: /home/alvin/repos
        source: /home/alvin/repos
        type: disk
      working:
        path: /home/alvin/Working
        source: /mnt/HGST1/Working
        type: disk
    ephemeral: false
    profiles:
    - default
    stateful: false
    description: ""

I suspect the issue is because you’re overriding the existing volatile.last_state.idmap key when doing that. By doing so, you’re effectively telling LXD that all uid/gid shifts have already happened and that no further action is required.

This means that when the container is then started, the needed shift for the raw.idmap key doesn’t happen and the filesystem is left unshifted for that particular uid/gid.

This case is unusual because of the raw.idmap entry; it’d otherwise work just fine.

You’d want to change your dumped yaml config to include the value of volatile.last_state.idmap from just after the lxc init and use that instead.

Probably something like:

    architecture: x86_64
    config:
      image.architecture: x86_64
      image.description: Ubuntu 14.04 LTS server (20180703)
      image.os: ubuntu
      image.release: trusty
      raw.idmap: both 1000 1000
      volatile.base_image: 644c2d77819fb48c6d8b9fa35bfe25d11cc759c3726c42eefe22e513a7e4d937
      volatile.eth0.hwaddr: 00:16:3e:a2:12:27
      volatile.idmap.base: "0"
      volatile.idmap.next: '[{"Isuid":true,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000},{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":1000,"Maprange":1},{"Isuid":true,"Isgid":true,"Hostid":1001001,"Nsid":1001,"Maprange":999998999}]'
      volatile.last_state.idmap: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
      volatile.last_state.power: STOPPED
    devices:
      hgst2:
        path: /mnt/HGST2
        source: /mnt/HGST2
        type: disk
      onedrive:
        path: /home/alvin/OneDrive
        source: /mnt/HGST1/OneDrive
        type: disk
      repos:
        path: /home/alvin/repos
        source: /home/alvin/repos
        type: disk
      working:
        path: /home/alvin/Working
        source: /mnt/HGST1/Working
        type: disk
    ephemeral: false
    profiles:
    - default
    stateful: false
    description: ""
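
One way to do the substitution described in the reply above, as an added example that is not part of the thread: the shell functions below print the saved dump with only its volatile.last_state.idmap line replaced by the one from a dump taken right after lxc init. The function names and the fresh-config file name are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed workflow (commands as used above):
#   lxc init 6af0a0d3ae8a trusty
#   lxc config show trusty > fresh-config      # fresh-config is an assumed name
#   merge_idmap old-config fresh-config | lxc config edit trusty

KEY='volatile.last_state.idmap'

# idmap_line FILE: print the "  key: value" line for KEY as it appears in a
# config dump. index() does a literal prefix match, so the dots in the key
# are not treated as regex wildcards.
idmap_line() {
    awk -v k="  $KEY:" 'index($0, k) == 1 { print; exit }' "$1"
}

# merge_idmap OLD FRESH: print OLD with its KEY line replaced by FRESH's.
# Every other line (raw.idmap, devices, ...) is passed through untouched.
# Returns non-zero if either dump lacks the key, so nothing half-merged
# gets fed to "lxc config edit" unnoticed.
merge_idmap() {
    old=$1
    fresh=$2
    new_line=$(idmap_line "$fresh")
    if [ -z "$new_line" ]; then
        echo "merge_idmap: no $KEY in $fresh" >&2
        return 1
    fi
    # The replacement goes through the environment rather than -v so awk
    # does not interpret any escape sequences inside the JSON value.
    NEW_LINE=$new_line awk -v k="  $KEY:" '
        index($0, k) == 1 { print ENVIRON["NEW_LINE"]; seen = 1; next }
        { print }
        END { if (!seen) exit 2 }' "$old"
}
```

Check the function's exit status before piping its output into lxc config edit; under bash, set -o pipefail makes the pipeline itself fail in that case.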