LXD 3.7, ArchLinux(host+container), unprivileged, dir driver
When I mount a folder into the container it's empty and not accessible. The source folder has 1000:1000, the mounted folder in the rootfs is 100000 (should rather be 101000, I guess) and inside the container it's nobody (65534). It's not readable by root/guest (100000) -> Permission denied. Any idea what's wrong here?
$ cat /etc/subuid
root:100000:65536
lxd:100000:65536
$ cat /etc/subgid
root:100000:65536
lxd:100000:65536
$ lxc config device add arch test disk source=/home/user/Downloads path=/home/arch/test
You can either do uid hole punching to make uid/gid 1000 be the same inside and outside of the container by setting raw.idmap (note that you'll also need additional entries in your subuid/subgid config) or you may be able to get away with POSIX ACLs by effectively allowing access to the directory on the host to the 101000 uid/gid (1000 in the container).
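As an added example (not code from this thread and not LXD's own code), the POSIX sh script below mirrors the arithmetic that LXD and newuidmap apply: an idmap is a list of "container-start host-start count" triplets, a container id that no triplet covers shows up on the other side as nobody, and newuidmap refuses any host range that is not contained in a line of /etc/subuid. It then wraps the two fixes described in the reply above. The container name arch, uid/gid 1000, the /home/user/Downloads source and the root:100000:65536 subuid line come from the question; the helper names, the extra subuid/subgid entry root:1000:1 for the hole punch and the rwx ACL mode are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread or from LXD. Reproduces the idmap
# arithmetic so the numbers in the question can be checked offline:
#   MAP     = space-separated triplets "cstart hstart count"
#   SUBUID  = space-separated /etc/subuid lines "user:start:count"
# Container "arch", uid 1000, /home/user/Downloads are from the question;
# helper names and the ACL mode are assumptions.

# host_uid MAP CONTAINER_UID: print the host uid backing a container uid,
# or "unmapped" (status 1) when no triplet covers it.
host_uid() {
    cuid=$2
    set -- $1
    while [ $# -ge 3 ]; do
        if [ "$cuid" -ge "$1" ] && [ "$cuid" -lt $(($1 + $3)) ]; then
            echo $(($2 + cuid - $1))
            return 0
        fi
        shift 3
    done
    echo unmapped
    return 1
}

# container_uid MAP HOST_UID: the inverse. A host uid that is "unmapped"
# is shown inside the container as nobody (65534), which is what happens
# to files owned by host uid 1000 under the default "0 100000 65536" map.
container_uid() {
    huid=$2
    set -- $1
    while [ $# -ge 3 ]; do
        if [ "$huid" -ge "$2" ] && [ "$huid" -lt $(($2 + $3)) ]; then
            echo $(($1 + huid - $2))
            return 0
        fi
        shift 3
    done
    echo unmapped
    return 1
}

# map_allowed MAP SUBUID: newuidmap's rule, every host range of the map
# must lie inside one SUBUID range. Prints "allowed" or the refused range.
map_allowed() {
    subuid=$2
    set -- $1
    while [ $# -ge 3 ]; do
        hstart=$2; hend=$(($2 + $3)); ok=0
        for line in $subuid; do
            rest=${line#*:}
            sstart=${rest%%:*}
            send=$((sstart + ${rest#*:}))
            if [ "$hstart" -ge "$sstart" ] && [ "$hend" -le "$send" ]; then
                ok=1
                break
            fi
        done
        if [ "$ok" -eq 0 ]; then
            echo "host range [$hstart-$hend) not allowed"
            return 1
        fi
        shift 3
    done
    echo allowed
    return 0
}

# Fix 1 from the reply, uid/gid hole punching. Host 1000 is outside root's
# 100000-165535 range, so it needs its own subuid/subgid entry before the
# "both <host> <container>" raw.idmap line can be applied. Run as root on
# the host; LXD reads these files at startup, so restart it if it was
# already running before the entries were added.
punch_hole_1000() {
    grep -q '^root:1000:1$' /etc/subuid || echo 'root:1000:1' >> /etc/subuid
    grep -q '^root:1000:1$' /etc/subgid || echo 'root:1000:1' >> /etc/subgid
    lxc config set arch raw.idmap 'both 1000 1000'
    lxc restart arch
}

# Fix 2 from the reply, POSIX ACLs: keep the default map and grant the
# shifted identity (container 1000 = host 101000) access on the host side.
acl_for_shifted_1000() {
    setfacl -m u:101000:rwx -m g:101000:rwx /home/user/Downloads
}

# Worked values for the setup in the question (default map "0 100000 65536").
echo "container 1000 -> host $(host_uid '0 100000 65536' 1000)"
echo "host 1000 -> container $(container_uid '0 100000 65536' 1000)"
echo "map with 1000->201000: $(map_allowed '0 100000 1000 1000 201000 1 1001 101001 64535' 'root:100000:65536')"
echo "map with hole punch:   $(map_allowed '0 100000 1000 1000 1000 1 1001 101001 64535' 'root:100000:65536 root:1000:1')"
```

The first two echo lines are the question's symptoms in numbers: container uid 1000 is host 101000 (the owner a chown inside the container would produce), while host uid 1000 maps to nothing and is therefore nobody inside. The third shows why a raw.idmap that lands host 1000 on 201000 is refused against a root:100000:65536 line, and the fourth that the same map with the extra root:1000:1 entry passes, which is the precondition for the hole-punch fix.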
I tried several raw.idmap combinations but none of them get accepted (not allowed or in host range):
raw.idmap: both 1000 1000
raw.idmap: both 101000 1000
raw.idmap: both 1000 101000
raw.idmap: both 1000 201000
raw.idmap: both 201000 1000
lxc arch 20181213192057.937 ERROR conf - conf.c:lxc_map_ids:2999 - newuidmap failed to write mapping "newuidmap: uid range [1000-1001) -> [201000-201001) not allowed": newuidmap 2291 0 100000 1000 1000 201000 1 1001 101001 64535
I’m wondering why this is needed at all. LXD is aware of the host<>container UID shift range already (by shadow entries). It already did initialize/shift the rootfs all by itself properly at container creation.