Raw.idmap - newuidmap failed to write mapping


I use a host system where my user's UID and GID = 1000, and I want to use a container that shares a directory from the host.

incus create ubuntu2310 websurf --profile=default
incus config device add websurf hostfs disk path=/mnt/hostfs source=/home/dv/hostfs

Then I set the custom idmaps:

incus config set websurf raw.idmap='both 1000 1000'

and then started the container and got an error:

[dv@manjaro ~]$ incus start websurf
Error: Failed to run: /usr/bin/incusd forkstart websurf /var/lib/incus/containers /run/incus/websurf/lxc.conf: exit status 1
Try `incus info --show-log websurf` for more info

[dv@manjaro ~]$ incus info --show-log websurf
Name: websurf
Type: container
Architecture: x86_64
Created: 2024/02/29 09:44 MSK
Last Used: 2024/02/29 10:15 MSK


lxc websurf 20240229071556.860 ERROR    conf - ../src/lxc/conf.c:lxc_map_ids:3701 - newuidmap failed to write mapping "newuidmap: uid range [1000-1001) -> [1000-1001) not allowed": newuidmap 52593 0 1000000 1000 1000 1000 1 1001 1001001 64535
lxc websurf 20240229071556.860 ERROR    start - ../src/lxc/start.c:lxc_spawn:1788 - Failed to set up id mapping.
lxc websurf 20240229071556.860 ERROR    lxccontainer - ../src/lxc/lxccontainer.c:wait_on_daemonized_start:878 - Received container state "ABORTING" instead of "RUNNING"
lxc websurf 20240229071556.861 ERROR    start - ../src/lxc/start.c:__lxc_start:2107 - Failed to spawn container "websurf"
lxc websurf 20240229071556.861 WARN     start - ../src/lxc/start.c:lxc_abort:1036 - No such process - Failed to send SIGKILL via pidfd 17 for process 52593
lxc 20240229071556.885 ERROR    af_unix - ../src/lxc/af_unix.c:lxc_abstract_unix_recv_fds_iov:218 - Connection reset by peer - Failed to receive response
lxc 20240229071556.885 ERROR    commands - ../src/lxc/commands.c:lxc_cmd_rsp_recv_fds:128 - Failed to receive file descriptors for command "get_init_pid"

My SubUID and SubGID:

cat /etc/sub{uid,gid}


How do I map the UID/GID inside the container for user=ubuntu (uid=1000) and the host system user uid=1000?

On my Ubuntu 22.04 cat /etc/sub{uid,gid} shows my user instead of root:


If you have kernel 6.2+, you can try removing raw.idmap and adding the shared folder with the option shift=true:

incus config device add websurf hostfs disk shift=true path=/mnt/hostfs source=/home/dv/hostfs

I use Manjaro Linux, which uses the latest kernel, 6.7.6, and if I change the subUID/subGID parameters for my host to dv (my user) instead of root:

[dv@manjaro ~]$ cat /etc/sub{uid,gid}

then I get an error for any incus operation, for example if I recreate the container:

[dv@manjaro ~]$ incus create ubuntu2310 websurf --profile=default

Creating websurf
Error: Failed creating instance record: Failed initialising instance: Invalid config: No uid/gid allocation configured. In this mode, only privileged containers are supported

I tried the shift option, and it works for me! Thanks!

You currently have:


In both subuid and subgid.

To allow raw.idmap: both 1000 1000, you’re going to need both files to contain:

Incus only considers allocations for the root user; allocations for other users, even if they match the user interacting with Incus, will not have any effect.

The only reason why @qkiel probably has it working is because their system likely doesn’t have the uidmap package installed and therefore does not actually enforce the content of the subuid/subgid files.
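An added example, not part of the thread and not Incus or shadow code: a simplified Python model of the allocation check newuidmap applies to each mapping range, run on the arguments from the log line in the question. The subuid contents are constructed samples and the function names are hypothetical.

```python
# Simplified model: newuidmap accepts a host-side range only if one allocation
# of the calling user contains it, or if it is the caller's own single id.

def parse_subid(text):
    """Parse /etc/subuid-style lines 'owner:start:count' into {owner: [(start, count)]}."""
    allocs = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        owner, start, count = line.split(":")
        allocs.setdefault(owner, []).append((int(start), int(count)))
    return allocs

def parse_map_args(args):
    """Split the numbers after the PID into (inside, outside, count) triples."""
    nums = [int(a) for a in args]
    if len(nums) % 3:
        raise ValueError("mapping arguments must come in groups of three")
    return [tuple(nums[i:i + 3]) for i in range(0, len(nums), 3)]

def denied_ranges(map_args, subid_text, owner="root", caller_uid=0):
    """Return host-side [start, end) ranges that owner's allocations do not cover."""
    allocs = parse_subid(subid_text).get(owner, [])
    denied = []
    for _inside, outside, count in parse_map_args(map_args):
        covered = any(s <= outside and outside + count <= s + c for s, c in allocs)
        own_id = count == 1 and outside == caller_uid  # caller may map its own id
        if not (covered or own_id):
            denied.append((outside, outside + count))
    return denied

# Arguments from the log line in the question, without the PID (52593).
LOG_ARGS = "0 1000000 1000 1000 1000 1 1001 1001001 64535".split()

# Constructed sample files (assumptions, not the contents posted in the thread).
SUBUID_DEFAULT = "root:1000000:1000000000\n"
SUBUID_WITH_1000 = SUBUID_DEFAULT + "root:1000:1\n"
SUBUID_USER_ONLY = "dv:1000:1\ndv:1000000:1000000000\n"

if __name__ == "__main__":
    for name, text in [("default", SUBUID_DEFAULT),
                       ("root + 1000", SUBUID_WITH_1000),
                       ("dv only", SUBUID_USER_ONLY)]:
        print(f"{name}: denied host ranges = {denied_ranges(LOG_ARGS, text)}")
```

With the first sample only the range [1000-1001) is denied, matching the error in the log; with allocations owned only by dv, root has nothing to map from, so every range is denied.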

This answer allows me for the first time to “understand” the subuid/subgid files. :sweat_smile:

Me too. Thanks @stgraber