In the process of updating my host, I was no longer able to SSH into my incus container. I remediated that by using incus exec and then running a chown/chmod in there.
It seems like my /etc/subuid /etc/subgid files are not working or being used now because on the host, it looks like root:wheel in the container maps directly to root:wheel on the host which doesn’t seem right. Not only that, but I also noticed that I”m having permissions errors with my cron lock files too.
Prior to me running chown on the root home directory (/root) for the container, it was:
3000000:3000000
My /etc/subuid and /etc/subgid both had the same contents:
No, they’re absolutely still used, those files were never about controlling on-disk uid/gid, they are about controlling what uid and gid ranges processes can use.
Incus still relies on that to know what uid/gid ranges to use for the user namespace that the containers run in. It’s just not used for on-disk file storage as for those we can keep them unshifted and rely on VFS idmap shift instead.