I might have found the issue but not the remedy. It is probably related to my lxc-to-incus conversion. I am using zfs backend for my lxc containers, however when I tried to use convert, it seems that the tool is unable to use the poolpath rootfs = zfs:zfspool/lxc/mycont. To fix it I simply changed the rootfs config path and mounted the zfs path, so rootfs = /var/lib/lxc/mycont/rootfs.
The conversion went on without errors, but I see now that after conversion the uidmap remains from the old /var/lib/lxc/mycont/rootfs and doesn’t remap it.
OLD: Isolating with security.idmap.base
In both my /etc/subuid and /etc/subgid I have an entry 0:362144:65536
I then used incus config set mycont security.idmap.base=362144 security.idmap.isolated="true"
I spun up the mycont and the host bound mount shows correct mapping from host to guest, however the whole rootfs is shown as nogroup and nobody, while the rootfs from the host side does indeed show correct mapping 362144 owner.
It seems as if the rootfs isn’t properly mapped into 0-65535
This same thing happened when I also tried raw.idmap. However, the numbered owner and group showed up instead, showing the owner not as 0 but as the 362144 in the container.
Backend storage is zfs and I’m using the native ubuntu 24.04 incus package on said release.
I seem to be missing something here, but documentation mentions no extra steps.