'Resource temporarily unavailable' when doing a raw.idmap on an Oracle Linux container

Hi,

I’m trying to mount my host home directory under an LXD container by following the directions in https://stgraber.org/2017/06/15/custom-user-mappings-in-lxd-containers/ and for an Ubuntu image it works just fine: I’m seeing the files under /home/ubuntu and I’m able to modify them as well.

However, when using an Oracle Linux image I’m getting a ‘Resource temporarily unavailable’ when trying to su to the ‘oracle’ user. Here’s what I did:

$ lxc launch images:oracle/6/amd64 o1
$ lxc config device add o1 homedir disk source=/home/pvdspoel path=/home/oracle
$ lxc config set o1 raw.idmap 'both 1000 500'     #user 'oracle' has an uid/gid of 500 in the image
$ lxc restart o1
$ lxc exec o1 -- /bin/bash
[root@o1 ~]# grep oracle /etc/passwd /etc/group
/etc/passwd:oracle:x:500:500::/home/oracle:/bin/bash
/etc/group:oracle:x:500:
[root@o1 ~]# su - oracle
su: /bin/bash: Resource temporarily unavailable
[root@o1 oracle]# ls -ld /home/oracle
drwx------ 75 oracle oracle 20480 Jul 31 09:10 /home/oracle

As the root user in the container I can see the files from my home directory just fine, I can even create files there.

[root@o1 oracle]# touch /home/oracle/e
[root@o1 oracle]# ls -l /home/oracle/e
-rw-r--r-- 1 root root 0 Jul 31 09:50 /home/oracle/e

Which translates on the host to uid/gid 165536, as expected.

$ ls -l /home/pvdspoel/e
-rw-r--r-- 1 165536 165536 0 Jul 31 09:50 /home/pvdspoel/e

When I remove the raw.idmap and restart the container I briefly see a ‘Remapping container filesystem’, so LXD is indeed picking up the change. I then again try to su to the oracle user, but of course it can no longer access its own $HOME.

$ lxc config unset o1 raw.idmap
$ lxc restart o1
$ lxc exec o1 -- /bin/bash
[root@o1 ~]# su - oracle
su: warning: cannot change directory to /home/oracle: Permission denied
-bash: /home/oracle/.bash_profile: Permission denied
-bash-4.1$ ls -ld /home/oracle
drwx------ 75 65534 65534 20480 Jul 31 03:49 /home/oracle

The log files of the container do not show any errors, nor do the log files of LXD itself, so I’m mightily confused now why ID mapping works with an Ubuntu container, but not with an Oracle container. The only difference between the two that could matter in this case, IMHO, is the uid/gid, which is 1000/1000 for Ubuntu and 500/500 for Oracle.

For completeness’ sake, here are the contents of the subuid and subgid files on the host:

::::::::::::::
/etc/subgid
::::::::::::::
pvdspoel:100000:65536
lxd:165536:65536
root:165536:65536
lxd:1000:1
root:1000:1
::::::::::::::
/etc/subuid
::::::::::::::
pvdspoel:100000:65536
lxd:165536:65536
root:165536:65536
lxd:1000:1
root:1000:1

The version of LXD I’m using is 3.0.1 as I just upgraded my system to Ubuntu 18.04.1.
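
An added example, not part of the original post: a small Python model of the user-namespace ID map for this container, reproducing the numbers shown above (host 1000 appearing as 65534 without raw.idmap and as 500 with it, and container root writing files as 165536). The function names are hypothetical, and splitting the default range around the overridden container ID is an assumption about how LXD builds the map.

```python
"""Model of the container's uid/gid map (added example, constructed values from the post)."""

OVERFLOW_ID = 65534  # ID the kernel displays for owners that have no mapping


def build_map(base, size, raw=None):
    """Return [(container_start, host_start, length)], the layout of /proc/<pid>/uid_map.

    base/size: default range, e.g. lxd:165536:65536 from /etc/subuid.
    raw: optional (host_id, container_id), i.e. raw.idmap 'both <host> <container>'.
    Assumption: the default range is split around the overridden container ID.
    """
    if raw is None:
        return [(0, base, size)]
    host_id, cid = raw
    if not 0 <= cid < size:
        raise ValueError("container ID outside the default range")
    entries = []
    if cid > 0:
        entries.append((0, base, cid))
    entries.append((cid, host_id, 1))
    if cid + 1 < size:
        entries.append((cid + 1, base + cid + 1, size - cid - 1))
    return entries


def to_host(idmap, cid):
    """Container ID -> host ID, or None when the container ID is unmapped."""
    for cstart, hstart, length in idmap:
        if cstart <= cid < cstart + length:
            return hstart + (cid - cstart)
    return None


def to_container(idmap, host_id):
    """Host ID -> ID shown inside the container (overflow ID when unmapped)."""
    for cstart, hstart, length in idmap:
        if hstart <= host_id < hstart + length:
            return cstart + (host_id - hstart)
    return OVERFLOW_ID


if __name__ == "__main__":
    for label, raw in (("default", None), ("raw.idmap 'both 1000 500'", (1000, 500))):
        m = build_map(165536, 65536, raw)
        print(label, m)
        print("  host 1000 is shown in the container as", to_container(m, 1000))
        print("  container uid 0 owns files on the host as", to_host(m, 0))
        print("  container uid 500 owns files on the host as", to_host(m, 500))
```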