Hi
I’m new to containers, and to LXC in particular. Also, my native language isn’t English, so please excuse me for any possible misspelling.
Here’s the problem:
I have a regular user which has sudo permissions and is also a system user (it was created when I installed Debian, as I skipped providing a root password). This user can create unprivileged containers as the environment allows it to be done, and can also run these containers.
In order to create containers I simply use the lxc-create command without sudo, and I also use the lxc-unpriv-* commands to attach and start (and do anything that should be done as I'm unprivileged).
The lxc-ls --fancy command tells me that my container is unprivileged. However, ChatGPT says that it's not enough.
ChatGPT told me that if I go and read the file located in /proc/${pid}/{g,u}id_map (where ${pid} represents the LXC process ID) on the host, this will indicate whether the container is running as the unprivileged user or as root.
ChatGPT says that if the output is similar to:
0 100000 65536
It means that it is unprivileged. However, I get:
0 0 4294967295
and ChatGPT says that this isn't unprivileged. So I thought, maybe it's because I'm using a user that is allowed to use sudo; maybe I'll try it in a new account that isn't associated with sudo or anything related to the system. I made a completely powerless user, ran lxc-create and start, and got the following error:
../src/lxc/cmd/lxc_usernsexec.c: 64: opentty - Permission denied - Failed to open tty
But that's not all: when I did this and created a new container, I found out that the value of those files in /proc/.../{g,u}id_map is EXACTLY THE SAME as for the previous user (the one with the sudo privileges).
What to do?
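As an added example (not part of the original post), here is a small POSIX shell script that classifies the contents of a /proc/<pid>/uid_map or gid_map file the way the post describes. Each line of such a file is "<id inside> <id outside> <count>". The initial (host) user namespace always shows the single identity line 0 0 4294967295; a line such as 0 100000 65536 means root inside the namespace is mapped to an unprivileged subordinate id on the host, which is what a user-namespaced container shows. The PID you inspect must be the container's init process as seen from the host (for LXC, lxc-info -n NAME -pH prints it); inspecting the wrong process, for instance your own shell, will always report the host namespace. The sample map contents at the bottom are constructed for offline use, and the function names are my own, not part of LXC.

```sh
#!/bin/sh
# Added example: classify a user-namespace id map ( /proc/<pid>/uid_map or gid_map ).
# Not LXC's own tooling; function names are invented for this example.

# classify_id_map MAP_TEXT
#   Prints one word:
#     host-namespace      exactly the identity line "0 0 4294967295" (initial userns)
#     user-namespace      root inside maps to a non-zero id outside (unprivileged container)
#     userns-root-mapped  a child userns in which inside-root still maps to host uid 0
#     invalid             empty or unparsable map text
classify_id_map() {
    printf '%s\n' "$1" | awk '
        NF == 0 { next }
        NF != 3 || $1 !~ /^[0-9]+$/ || $2 !~ /^[0-9]+$/ || $3 !~ /^[0-9]+$/ { bad = 1; exit }
        {
            n++
            if ($1 == 0) { root_seen = 1; root_outside = $2 }
            if ($1 == 0 && $2 == 0 && $3 == 4294967295) ident = 1
        }
        END {
            if (bad || n == 0)            { print "invalid"; exit }
            if (n == 1 && ident)          { print "host-namespace"; exit }
            if (root_seen && root_outside == 0) { print "userns-root-mapped"; exit }
            print "user-namespace"
        }'
}

# check_pid_userns PID
#   Reads both maps of a live process on the host and classifies each.
#   PID should be the container init as seen from the host, e.g.
#   check_pid_userns "$(lxc-info -n mycontainer -pH)"
check_pid_userns() {
    pid=$1
    for m in uid_map gid_map; do
        if [ -r "/proc/$pid/$m" ]; then
            printf '%s: %s\n' "$m" "$(classify_id_map "$(cat "/proc/$pid/$m")")"
        else
            printf '%s: unreadable (no such pid or no permission)\n' "$m"
        fi
    done
}

# Constructed sample map contents (not captured from a real system):
SAMPLE_UNPRIV='0 100000 65536'           # typical unprivileged container
SAMPLE_HOST='0 0 4294967295'             # what any process in the initial userns shows
SAMPLE_MULTI='0 100000 65536
1000 1000 1'                             # unprivileged container with the caller uid passed through

# Stand-alone run: classify a live PID if one is given, else the constructed samples.
if [ "$#" -gt 0 ]; then
    check_pid_userns "$1"
else
    printf 'unprivileged sample: %s\n' "$(classify_id_map "$SAMPLE_UNPRIV")"
    printf 'host sample:         %s\n' "$(classify_id_map "$SAMPLE_HOST")"
    printf 'multi-line sample:   %s\n' "$(classify_id_map "$SAMPLE_MULTI")"
fi
```

Run it as `sh check_userns.sh "$(lxc-info -n NAME -pH)"` while the container is running. A result of host-namespace for the container's init PID means that process was not started inside a user namespace at all, regardless of what user launched it; the sudo membership of the launching user does not change the mapping by itself.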