I’m trying to create a new container and I’m getting the following errors while trying to run the sudo lxc-start -n base-arch command:
lxc-start base-arch 20210909221523.293 ERROR conf - conf.c:lxc_map_ids:3471 - newuidmap failed to write mapping "newuidmap: uid range [1000-1001) -> [1000-1001) not allowed": newuidmap 60795 0 100000 1000 1000 1000 1 1001 101001 64535
lxc-start base-arch 20210909221523.293 ERROR start - start.c:lxc_spawn:1774 - Failed to set up id mapping.
lxc-start base-arch 20210909221523.293 ERROR lxccontainer - lxccontainer.c:wait_on_daemonized_start:868 - Received container state "ABORTING" instead of "RUNNING"
lxc-start base-arch 20210909221523.293 ERROR lxc_start - tools/lxc_start.c:main:308 - The container failed to start
lxc-start base-arch 20210909221523.293 ERROR lxc_start - tools/lxc_start.c:main:311 - To get more details, run the container in foreground mode
lxc-start base-arch 20210909221523.293 ERROR lxc_start - tools/lxc_start.c:main:313 - Additional information can be obtained by setting the --logfile and --logpriority options
lxc-start base-arch 20210909221523.293 ERROR start - start.c:__lxc_start:2053 - Failed to spawn container "base-arch"
Host’s user id is 1000 as shown below:
uid=1000(host) gid=1000(host) groups=1000(host),998(wheel)
and based on the configuration I’m mapping guest’s 1000 uid to host’s 1000 uid.
# Distribution configuration
lxc.include = /usr/share/lxc/config/common.conf
lxc.include = /usr/share/lxc/config/userns.conf
lxc.arch = x86_64
# Container specific configuration
lxc.idmap = u 0 100000 1000
lxc.idmap = g 0 100000 1000
lxc.idmap = u 1000 1000 1
lxc.idmap = g 1000 1000 1
lxc.idmap = u 1001 101001 65536
lxc.idmap = g 1001 101001 65536
lxc.rootfs.path = dir:/var/lib/lxc/base-arch/rootfs
lxc.uts.name = base-arch
# Network configuration
lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:16:3e:f6:37:6e
Also, here are the contents of my /etc/sub{u,g}id files
Thanks for your quick reply. Because I’m just new to this whole idea, let me ask you if the third point you wrote is correct.
As I understood so far the u 1001 101001 65536 is translated as:
Map guest’s uids from 1001 until 66537 to host’s uids 101001 until 166537
Is my understanding right or not?
Furthermore, you are saying that I’m exceeding the uids based on the /etc/subuid file, right? If I got it right I’m assigning to the root user the 100000 through 165536 uids but it seems from the configuration file that it needs more. Something like 100000 through 166537.
So you think that if I change the /etc/sub{u,g}id files to contain something like
I found online this article too but adding host:1000:1 in the sub{g,u}id files didn’t resolve it.
One more thing I’ve noticed is that if I replace the mapping you posted with the following:
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
the container starts. But I think this is not a complete mapping since it lacks a mapping for the user account, something that is important in my case IMHO because I want to run X11 applications.
Does it make any sense to run sudo strace -o strace.log -ff lxc-start -n base-arch and look inside that for the error?
EDIT:
So I ran the command using strace, and from all the files strace output, I think this is the one which calls newuidmap. The thing is that all the execve calls return 0, which seems fine to me.
Yes now it starts but I’m wondering if I should also add the host user in the sub{g,u}id files because when I’m attaching to the container its /tmp/.X11 directory is empty given that I’ve added this to its config file:
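As an added example that is not part of the original thread, the following Python code checks the host range of each lxc.idmap line from the first post against subuid-style delegations, which is the lookup behind the "not allowed" error and the range question in the follow-up. The subuid content is a constructed sample (the poster's file is not shown), the function names are hypothetical, and only the delegation lookup is modelled.

```python
# Added example: model the /etc/subuid lookup applied to each lxc.idmap host range.
CONFIG = """\
lxc.idmap = u 0 100000 1000
lxc.idmap = g 0 100000 1000
lxc.idmap = u 1000 1000 1
lxc.idmap = g 1000 1000 1
lxc.idmap = u 1001 101001 65536
lxc.idmap = g 1001 101001 65536
"""  # idmap lines as posted in the thread
SUBUID = "root:100000:65536\n"  # constructed sample, not the poster's file

def parse_idmap(text, kind="u"):
    """Return (container_start, host_start, count) per lxc.idmap line of one kind."""
    maps = []
    for line in text.splitlines():
        key, _, value = line.partition("=")
        fields = value.split()
        if key.strip() == "lxc.idmap" and len(fields) == 4 and fields[0] == kind:
            maps.append(tuple(int(f) for f in fields[1:]))
    return maps

def parse_subid(text, owner):
    """Return (start, count) for every subuid/subgid entry delegated to owner."""
    ranges = []
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) == 3 and parts[0] == owner:
            ranges.append((int(parts[1]), int(parts[2])))
    return ranges

def covered(start, count, allowed):
    """True if host ids [start, start+count) all fall inside delegated ranges."""
    end = start + count
    while start < end:
        # Furthest end of any delegated range that contains the current id.
        nxt = max((s + n for s, n in allowed if s <= start < s + n), default=None)
        if nxt is None:
            return False
        start = nxt
    return True

def rejected(maps, allowed):
    """Mappings whose host range is not fully delegated."""
    return [m for m in maps if not covered(m[1], m[2], allowed)]

if __name__ == "__main__":
    allowed = parse_subid(SUBUID, "root")
    for cstart, hstart, count in rejected(parse_idmap(CONFIG), allowed):
        print(f"u {cstart} {hstart} {count}: host [{hstart}-{hstart + count}) not delegated")
```

With the constructed sample, both the single-id map of 1000 and the 65536-wide third map are reported; the third map fits only when its count is 64535, the value that appears in the newuidmap arguments in the log.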