I’m trying to share a folder between an unprivileged container and the host. So I want to map the user id 1000 of the host inside the container. This is the LXC container config:
$ cat .local/share/lxc/aledge/config
lxc.include = /usr/share/lxc/config/common.conf
lxc.include = /usr/share/lxc/config/userns.conf
lxc.arch = linux64
lxc.idmap = u 0 165536 65536
lxc.idmap = g 0 165536 65536
lxc.idmap = u 1000 1000 1
lxc.idmap = g 1000 1000 1
lxc.rootfs.path = dir:/home/laren/.local/share/lxc/aledge/rootfs
lxc.uts.name = aledge
lxc.net.0.type = veth
lxc.net.0.link = bridge0
lxc.net.0.flags = up
Host configurations:
$ cat /etc/subuid
root:100000:65536
laren:165536:65536
laren:1000:1
$ cat /etc/subgid
root:100000:65536
laren:165536:65536
laren:1000:1
$ cat /etc/passwd /etc/group | grep ^laren
laren:x:1000:1000:Leonardo:/home/laren:/bin/bash
laren:x:1000:
With lxc.idmap = u 1000 1000 1 and lxc.idmap = g 1000 1000 1 I’m unable to start the container. Removing these two lines it starts just fine. The error is:
lxc-start aledge 20200410123005.885 DEBUG conf - conf.c:lxc_map_ids:2938 - Functional newuidmap and newgidmap binary found
lxc-start aledge 20200410123005.890 ERROR conf - conf.c:lxc_map_ids:3008 - newuidmap failed to write mapping "newuidmap: write to uid_map failed: Invalid argument": newuidmap 60245 0 165536 65536 1000 1000 1
lxc-start aledge 20200410123005.890 ERROR start - start.c:lxc_spawn:1798 - Failed to set up id mapping.
Is this the right approach? What am I doing wrong?
Thanks!
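Added example, not part of the original post: a small Python check over the `lxc.idmap` lines and `/etc/subuid` entries quoted above. The kernel refuses a `uid_map` or `gid_map` write whose ranges overlap (EINVAL, "Invalid argument"), and here container ID 1000 sits inside the `0 165536 65536` range as well as in `1000 1000 1`. The function names are hypothetical; the split it prints is one non-overlapping layout, assuming the goal is to map only ID 1000 straight through.

```python
# Constructed sample input: the idmap lines and /etc/subuid entries quoted in the post.
CONFIG = """\
lxc.idmap = u 0 165536 65536
lxc.idmap = g 0 165536 65536
lxc.idmap = u 1000 1000 1
lxc.idmap = g 1000 1000 1
"""
SUBUID = "root:100000:65536\nlaren:165536:65536\nlaren:1000:1\n"

def parse_idmap(text, kind):
    """Return [(container_start, host_start, count)] for kind 'u' or 'g'."""
    out = []
    for line in text.splitlines():
        key, _, val = line.partition("=")
        f = val.split()
        if key.strip() == "lxc.idmap" and len(f) == 4 and f[0] == kind:
            out.append(tuple(int(x) for x in f[1:]))
    return out

def overlaps(entries):
    """Pairs of entries whose container-side or host-side ranges intersect.
    The kernel rejects such a uid_map/gid_map write with EINVAL."""
    def hit(a, na, b, nb):
        return a < b + nb and b < a + na
    return [(e1, e2) for i, e1 in enumerate(entries) for e2 in entries[i + 1:]
            if hit(e1[0], e1[2], e2[0], e2[2]) or hit(e1[1], e1[2], e2[1], e2[2])]

def not_delegated(entries, subid_text, user):
    """Entries whose host range is not inside one of user's subuid/subgid ranges."""
    rows = (l.split(":") for l in subid_text.split())
    allowed = [(int(s), int(n)) for u, s, n in rows if u == user]
    return [e for e in entries
            if not any(s <= e[1] and e[1] + e[2] <= s + n for s, n in allowed)]

def punch_hole(base, cid, hid):
    """Split base so container id cid maps to host id hid (hid outside base's host range)."""
    c, h, n = base
    if not c <= cid < c + n:
        raise ValueError("cid is outside the base range")
    off = cid - c
    parts = [(c, h, off), (cid, hid, 1), (cid + 1, h + off + 1, n - off - 1)]
    return [p for p in parts if p[2] > 0]

if __name__ == "__main__":
    for kind in "ug":
        m = parse_idmap(CONFIG, kind)
        print(kind, "overlaps:", overlaps(m))
        for c, h, n in punch_hole(m[0], 1000, 1000):
            print(f"lxc.idmap = {kind} {c} {h} {n}")
```

With the split mapping, files owned by host UID 1000 in the shared folder are writable by container UID 1000, so anything running as that user in the container acts with the host user's rights on those files.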