EDIT: I began this question with a different title, but I think I can now focus the question.
What I need is to map my root user and my non-root user to one user ID in the host, so I can have read-write access to a mounted directory from both users. I’ve tried using
lxc config set t7 raw.idmap="both 1000 1000"
and it works for the non-root user. I can access the directories and files with permissions for 1000:1000 in the host.
lxc config set t7 raw.idmap="both 1000 0"
works for the root user.
But if I try
echo -en "both 1000 0\nboth 1000 1000" | lxc config set t7 raw.idmap -
Then, when trying to restart the container I get this:
Error: Failed to run: /usr/bin/lxd forkstart t4 /var/lib/lxd/containers /var/log/lxd/t4/lxc.conf: exit status 1
Try `lxc info --show-log t4` for more info
and
lxc t4 20221026044552.864 ERROR conf - ../src/lxc/conf.c:lxc_map_ids:3672 - newuidmap failed to write mapping "newuidmap: write to uid_map failed: Invalid argument": newuidmap 392559 0 1000 1 1 1000001 999 1000 1000 1 1001 1001001 64535
lxc t4 20221026044552.864 ERROR start - ../src/lxc/start.c:lxc_spawn:1788 - Failed to set up id mapping.
lxc t4 20221026044552.864 ERROR lxccontainer - ../src/lxc/lxccontainer.c:wait_on_daemonized_start:877 - Received container state "ABORTING" instead of "RUNNING"
lxc t4 20221026044552.864 ERROR start - ../src/lxc/start.c:__lxc_start:2107 - Failed to spawn container "t4"
lxc t4 20221026044552.865 WARN start - ../src/lxc/start.c:lxc_abort:1036 - No existe el proceso - Failed to send SIGKILL via pidfd 17 for process 392559
lxc 20221026044552.923 ERROR af_unix - ../src/lxc/af_unix.c:lxc_abstract_unix_recv_fds_iov:218 - Conexión reinicializada por la máquina remota - Failed to receive response
lxc 20221026044552.923 ERROR commands - ../src/lxc/commands.c:lxc_cmd_rsp_recv_fds:128 - Failed to receive file descriptors for command "get_state"
You can find more info in the first post, which is copied below.
What am I doing wrong?
Hello. I need some help with this.
I’ve tried to follow this guide https://www.cyberciti.biz/faq/how-to-add-or-mount-directory-in-lxd-linux-container/
I’ve mounted a host directory in my container.
My user in host is ‘admin’ (1000:1000)
My /etc/subuid and /etc/subgid are
root:1000000:65536
root:1000:1
I’ve done:
lxc config set t7 raw.idmap "both 1000 1000"
lxc restart t7
Added user ‘admin’ (1000:1000) into the container
Exited the container and
lxc config device add t7 storage disk source=/mnt/storage/ path=/mnt/storage/
And then entered the container and navigated to /mnt/storage/data/media
drwxr-xr-x 5 admin admin 4096 Sep 13 13:05 media
$ touch test
touch: cannot touch 'test': Permission denied
If I do su admin, then I can do touch test.
Exiting the container, the permissions are the same:
drwxr-xr-x 5 admin autologin 4096 Sep 13 13:05 media
(autologin is gid 1000 in my host)
Why is the container root user unable to write to this directory? How do I fix it?
I need it because some docker containers (like atmoz/sftp) that I’m trying to use inside the LXD container are not able to write to the directory.
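The `newuidmap ... write to uid_map failed: Invalid argument` line in the log can be reproduced offline. The kernel accepts a uid_map only if every container id and every host id appears in at most one extent; the argument list in the log (`0 1000 1 1 1000001 999 1000 1000 1 1001 1001001 64535`) contains host uid 1000 twice, once for container uid 0 and once for container uid 1000, which is exactly what the kernel rejects with EINVAL. The following added example (not code from the thread or from LXD) rebuilds the extents LXD derives from `raw.idmap` and applies that overlap rule. It assumes the subuid range from the post (`root:1000000:65536`) as the default range and that `raw.idmap` overrides carve single-id extents out of it, which is what the logged `newuidmap` arguments show.

```python
"""Check an LXD raw.idmap set the way the kernel checks uid_map at container start.

Added example, not from the forum thread or from LXD itself. Assumes the default
range from the post (root:1000000:65536) and the LXD behaviour visible in the log:
each raw.idmap override becomes a one-id extent carved out of the default range.
"""
from dataclasses import dataclass

# Constructed from the post's /etc/subuid line: root:1000000:65536
DEFAULT_BASE = 1000000
DEFAULT_COUNT = 65536


@dataclass(frozen=True)
class Extent:
    container_id: int  # first id inside the container (kernel: "lower")
    host_id: int       # first id on the host (kernel: "upper")
    count: int


def parse_raw_idmap(text):
    """Parse raw.idmap lines of the form '<uid|gid|both> <hostid> <containerid>'."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        kind, host, cont = line.split()
        if kind not in ("uid", "gid", "both"):
            raise ValueError(f"unknown idmap type: {kind}")
        entries.append((kind, int(host), int(cont)))
    return entries


def build_map(entries, kind="uid"):
    """Expand the default range and carve out the raw.idmap overrides for one id type."""
    overrides = {}
    for k, host, cont in entries:
        if k not in (kind, "both"):
            continue
        if cont in overrides:
            raise ValueError(f"container {kind} {cont} mapped twice in raw.idmap")
        overrides[cont] = host
    extents = []
    start = 0
    for cid in sorted(overrides):
        if cid >= DEFAULT_COUNT:
            raise ValueError(f"container {kind} {cid} is outside the default range")
        if cid > start:  # default mapping for the ids before this override
            extents.append(Extent(start, DEFAULT_BASE + start, cid - start))
        extents.append(Extent(cid, overrides[cid], 1))
        start = cid + 1
    if start < DEFAULT_COUNT:  # default mapping for the rest of the range
        extents.append(Extent(start, DEFAULT_BASE + start, DEFAULT_COUNT - start))
    return extents


def _ranges_overlap(a_start, a_count, b_start, b_count):
    return a_start < b_start + b_count and b_start < a_start + a_count


def find_conflicts(extents):
    """Return (space, extent_a, extent_b) for every pair the kernel would refuse.

    Writing uid_map/gid_map fails with EINVAL when two extents overlap in either
    the container id space or the host id space, so both are checked here.
    """
    conflicts = []
    for i, a in enumerate(extents):
        for b in extents[i + 1:]:
            if _ranges_overlap(a.container_id, a.count, b.container_id, b.count):
                conflicts.append(("container", a, b))
            if _ranges_overlap(a.host_id, a.count, b.host_id, b.count):
                conflicts.append(("host", a, b))
    return conflicts


def newuidmap_args(extents):
    """Render the extents in the '<container> <host> <count> ...' form seen in the lxc log."""
    return " ".join(f"{e.container_id} {e.host_id} {e.count}" for e in extents)


def check(raw_idmap, kind="uid"):
    """Return (newuidmap argument string, list of conflicts) for a raw.idmap value."""
    extents = build_map(parse_raw_idmap(raw_idmap), kind)
    return newuidmap_args(extents), find_conflicts(extents)


if __name__ == "__main__":
    for raw in ("both 1000 1000", "both 1000 0", "both 1000 0\nboth 1000 1000"):
        args, conflicts = check(raw)
        print(f"raw.idmap={raw!r}\n  newuidmap <pid> {args}")
        for space, a, b in conflicts:
            print(f"  EINVAL: {space} ids overlap between {a} and {b}")
```

Running it prints a clean map for each of the two single-line settings and flags the combined setting, where container uid 0 and container uid 1000 both claim host uid 1000. The check is per id type, so call `check(raw, kind="gid")` to validate the gid side of a `both` entry the same way.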