Hello,
I have lxd 3.10 installed on my Ubuntu 18.10 host. I have configured the subsidiary ids in /etc/subuid and /etc/subgid as shown below:
root:1000000:65536
lxd:1000000:65536
joe:1001000:65536
I have launched an unprivileged container (called fred) from an ubuntu:18.04 image and applied the default profile:
config: {}
description: Default LXD profile
devices:
  eth0:
    name: eth0
    nictype: bridged
    parent: lxdbr0
    type: nic
  root:
    path: /
    pool: default
    type: disk
name: default
used_by:
- /1.0/containers/fred
I have added a disk device in the container which maps the ${HOME} on the host to ${HOME} for user ubuntu (uid/gid == 1000:1000) in the container. Here is the config of the container:
architecture: x86_64
config:
  image.architecture: amd64
  image.description: ubuntu 18.04 LTS amd64 (release) (20190212.1)
  image.label: release
  image.os: ubuntu
  image.release: bionic
  image.serial: "20190212.1"
  image.version: "18.04"
  volatile.base_image: 35f6bff57c250208c6dc73445eefe8c1020853a1bc8571ebd8bfb1fe3a239504
  volatile.eth0.hwaddr: 00:16:3e:8a:5f:34
  volatile.idmap.base: "0"
  volatile.idmap.next: '[{"Isuid":true,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.last_state.idmap: '[{"Isuid":true,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.last_state.power: RUNNING
devices:
  homedir:
    path: /home/ubuntu
    recursive: "true"
    source: /home/joe
    type: disk
ephemeral: false
profiles:
- default
stateful: false
description: ""
When I log into the container as user ubuntu and go to the ${HOME}, all the file contents are mapped to nobody:nogroup (-1:-1). I was hoping that because the user joe on the host and user ubuntu in the container have the same ids (i.e. uid/gid == 1000:1000) and because of the mapping in the sub{uid,gid} of user ‘joe’ to 1001000, the mapping would be complete. However that is not the case. What could be wrong in my approach and understanding here?
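
Added example, not part of the original post: a small Python model of the user-namespace id translation, run against the `volatile.last_state.idmap` value from the config above, showing that host uid/gid 1000 falls outside the only mapped range and is therefore reported as the overflow id. The `SPLIT` map, the helper names and the overflow value 65534 (the kernel default) are assumptions introduced for illustration.

```python
import json

# Copied from volatile.last_state.idmap in the container config above.
CURRENT = json.loads('[{"Isuid":true,"Isgid":true,"Hostid":1000000,'
                     '"Nsid":0,"Maprange":1000000000}]')

# Constructed for comparison (assumption, not from the post): the same map
# split so that host id 1000 appears as id 1000 inside the container.
SPLIT = [
    {"Isuid": True, "Isgid": True, "Hostid": 1000000, "Nsid": 0, "Maprange": 1000},
    {"Isuid": True, "Isgid": True, "Hostid": 1000, "Nsid": 1000, "Maprange": 1},
    {"Isuid": True, "Isgid": True, "Hostid": 1001001, "Nsid": 1001,
     "Maprange": 999998999},
]

OVERFLOW_ID = 65534  # kernel default overflowuid/overflowgid (nobody/nogroup)


def _translate(value, idmap, kind, src, dst):
    """Find the range holding `value` on the `src` side; return the `dst` id."""
    flag = "Isuid" if kind == "uid" else "Isgid"
    for entry in idmap:
        offset = value - entry[src]
        if entry[flag] and 0 <= offset < entry["Maprange"]:
            return entry[dst] + offset
    return None  # no range covers this id


def host_to_container(host_id, idmap, kind="uid"):
    return _translate(host_id, idmap, kind, "Hostid", "Nsid")


def container_to_host(ns_id, idmap, kind="uid"):
    return _translate(ns_id, idmap, kind, "Nsid", "Hostid")


def owner_seen_in_container(host_id, idmap, kind="uid"):
    """Id that stat() reports inside the container for a host-owned file."""
    mapped = host_to_container(host_id, idmap, kind)
    return OVERFLOW_ID if mapped is None else mapped


if __name__ == "__main__":
    for name, idmap in (("current", CURRENT), ("split", SPLIT)):
        print(name,
              "| /home/joe files (host uid 1000) appear as uid",
              owner_seen_in_container(1000, idmap),
              "| container uid 1000 is host uid",
              container_to_host(1000, idmap))
```

With the map from the post, container uid 1000 corresponds to host uid 1001000, while the files under /home/joe are owned by host uid 1000, which no range covers.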