You will need to find out how does the polkit agent communicate with the processes, if it is not through a file on the filesystem. It’s through some live service, and it is highly likely it’s through D-Bus.
Seems that simply mounting the D-Bus socket from the host machine and sourcing DBUS_SESSION_BUS_ADDRESS to the proper location within the container (in my configuration, unix:path=/run/user/1000/bus) made it work flawlessly. Great!
1 Like
I updated the first post with a simplified profile for Ubuntu 24.04 as host.
Previous profiles are now here:
- Preliminary profile for Ubuntu 24.04
- Profile for Ubuntu 22.04 with kernel 6.5.0+
- Profile for Ubuntu 22.04 with older kernels
4 posts were split to a new topic: Steam input devices
This gives the error and the container does not start.
lxc steam 20241015063508.841 ERROR conf - ../src/lxc/conf.c:lxc_map_ids:3704 - newuidmap failed to write mapping "newuidmap: uid range [1000-1001) -> [1000-1001) not allowed": newuidmap 13508 0 1000000 1000 1000 1000 1 1001 1001001 999998999
Host is Ubuntu 24.04 with an Ubuntu 24.04 image.
Without the ID mapping, the container starts and it loads GUI apps. Is it required to have it?
In my testing, raw.idmap is required for Wayland socket to work on Ubuntu 24.04 host.
Do you get the same error when starting a new Ubuntu 24.04 container without GUI profile and adding raw.idmap by hand?
printf "uid $(id -u) 1000\ngid $(id -g) 1000" | incus config set <instance name> raw.idmap -
Edit:
In a clean Ubuntu 24.04 VM I can’t reproduce your error.
Both UID and GID are 1000.
$ incus profile show idmap
config:
raw.idmap: |-
uid 1000 1000
gid 1000 1000
description: ""
devices: {}
name: idmap
used_by: []
$ incus launch images:alpine/edge mycontainer --profile default --profile idmap
Launching mycontainer
Error: Failed instance creation: Failed to run: /usr/libexec/incus/incusd forkstart mycontainer /var/lib/incus/containers /run/incus/mycontainer/lxc.conf: exit status 1
$
/etc/sub{gu}id contain
myusername:100000:65536
root:1000000:1000000000
I am getting this on a new system, and should be fairly vanilla.
Weird. My /etc/sub{gu}id are the same. Does this happen for you in a fresh Ubuntu 24.04 VM as well?
I reproduced with an Incus Ubuntu 24.04 VM, running Incus 6.0.0 (default packages).
Therefore, it should be reproducible by anyone.
Here is the error message again,
lxc mycontainer 20241017114318.361 ERROR conf - ../src/lxc/conf.c:lxc_map_ids:3704 - newuidmap failed to write mapping "newuidmap: uid range [1000-1001) -> [1000-1001) not allowed": newuidmap 2893 0 1000000 1000 1000 1000 1 1001 1001001 999998999
lxc mycontainer 20241017114318.361 ERROR start - ../src/lxc/start.c:lxc_spawn:1788 - Failed to set up id mapping.
lxc mycontainer 20241017114318.361 ERROR lxccontainer - ../src/lxc/lxccontainer.c:wait_on_daemonized_start:878 - Received container state "ABORTING" instead of "RUNNING"
lxc mycontainer 20241017114318.362 ERROR start - ../src/lxc/start.c:__lxc_start:2107 - Failed to spawn container "mycontainer"
lxc mycontainer 20241017114318.362 WARN start - ../src/lxc/start.c:lxc_abort:1036 - No such process - Failed to send SIGKILL via pidfd 17 for process 2893
lxc 20241017114318.397 ERROR af_unix - ../src/lxc/af_unix.c:lxc_abstract_unix_recv_fds_iov:218 - Connection reset by peer - Failed to receive response
lxc 20241017114318.397 ERROR commands - ../src/lxc/commands.c:lxc_cmd_rsp_recv_fds:128 - Failed to receive file descriptors for command "get_init_pid"
There is some likelihood that some other binary is missing (uidmap is installed).
In any case, the issue is not related to running GUI apps but to the use of idmap in Incus.
@stgraber, can you please split up these posts about the idmap error in launching containers into a separate thread?
I confirm. The error occurs when Incus is installed from Ubuntu packages. When installed from Zabbly, everything works perfectly fine (both LTS and Stable).