I lxc copied a few CTs from host A to host B.
On host B (target), one of the copied CTs worked fine from the start, but the others wouldn't start, showing:
Permission denied - Failed to open "/var/snap/lxd/common/lxd/storage-pools/default/containers/
I looked into their /1.0/instances/ctXXX/logs/lxc.conf; the only thing that differed was that the ones that wouldn't start did not have this line at the end, while the one that worked did:
rootfs.options=idmap=container
So I compared with config show and noticed that the ones that wouldn't start had this value for volatile.last_state.idmap:
[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]
while the CT that was able to start had '[]'.
I issued lxc config set ctXXX volatile.last_state.idmap '[]' for the ones that wouldn't start, and they finally started. Everything seems fine, except for one thing: the UID/GID inside the containers that previously wouldn't start now shows 1001000 1001000 (now those CTs also have rootfs.options=idmap=container).
The CTs are standard Ubuntu, from the default template. The host is Ubuntu 22.04. They both (host + CTs, including the CT that always worked) have:
$ cat /etc/sub{uid,gid}
ubuntu:100000:65536
ubuntu:100000:65536
I already tried reloading the snap, which didn't help.
Host B (target, everything is using the dir driver):
driver: lxc | qemu
driver_version: 5.0.1 | 7.1.0
firewall: xtables
kernel: Linux
kernel_architecture: x86_64
kernel_features:
  idmapped_mounts: "true"
  netnsid_getifaddrs: "true"
  seccomp_listener: "true"
  seccomp_listener_continue: "true"
  shiftfs: "false"
  uevent_injection: "true"
  unpriv_fscaps: "true"
kernel_version: 5.15.0-53-generic
lxc_features:
  cgroup2: "true"
  core_scheduling: "true"
  devpts_fd: "true"
  idmapped_mounts_v2: "true"
  mount_injection_file: "true"
  network_gateway_device_route: "true"
  network_ipvlan: "true"
  network_l2proxy: "true"
  network_phys_macvlan_mtu: "true"
  network_veth_router: "true"
  pidfd: "true"
  seccomp_allow_deny_syntax: "true"
  seccomp_notify: "true"
  seccomp_proxy_send_notify_fd: "true"
os_name: Ubuntu
os_version: "22.04"
project: default
server: lxd
server_clustered: false
server_event_mode: full-mesh
server_name: node3
server_pid: 39148
server_version: "5.8"
storage: dir
storage_version: "1"
Host A (source, also using the dir driver):
driver: lxc | qemu
driver_version: 5.0.1 | 7.1.0
firewall: xtables
kernel: Linux
kernel_architecture: x86_64
kernel_features:
  idmapped_mounts: "true"
  netnsid_getifaddrs: "true"
  seccomp_listener: "true"
  seccomp_listener_continue: "true"
  shiftfs: "false"
  uevent_injection: "true"
  unpriv_fscaps: "true"
kernel_version: 5.15.0-47-generic
lxc_features:
  cgroup2: "true"
  core_scheduling: "true"
  devpts_fd: "true"
  idmapped_mounts_v2: "true"
  mount_injection_file: "true"
  network_gateway_device_route: "true"
  network_ipvlan: "true"
  network_l2proxy: "true"
  network_phys_macvlan_mtu: "true"
  network_veth_router: "true"
  pidfd: "true"
  seccomp_allow_deny_syntax: "true"
  seccomp_notify: "true"
  seccomp_proxy_send_notify_fd: "true"
os_name: Ubuntu
os_version: "22.04"
project: default
server: lxd
server_clustered: false
server_event_mode: full-mesh
server_name: node16
server_pid: 1961418
server_version: "5.8"
storage: dir
storage_version: "1"
How do I fix the mappings inside the CTs that are now showing numeric IDs?
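As an added illustration (not part of the question above, and not LXD's own code), this Python helper parses the volatile.last_state.idmap value quoted in the post and translates ids across it, showing that 1001000 is exactly container uid 1000 shifted by the map's Hostid of 1000000, and that an id outside the map falls back to the kernel's overflow id. The function names and the NOBODY constant are my own assumptions; the sample JSON is the one quoted in the post.

```python
import json

# Sample value copied from the question: two entries, one for uids, one for gids,
# each mapping container id 0..1e9 onto host id 1000000..(1000000+1e9).
LAST_STATE_IDMAP = (
    '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},'
    '{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
)

NOBODY = 65534  # assumed kernel overflow uid/gid for ids that no map entry covers


def parse_idmap(raw):
    """Parse LXD's idmap JSON ('[]' means no recorded shift) into a list of entries."""
    entries = json.loads(raw)
    required = ("Isuid", "Isgid", "Hostid", "Nsid", "Maprange")
    for entry in entries:
        missing = [key for key in required if key not in entry]
        if missing:
            raise ValueError(f"idmap entry missing {missing}: {entry}")
    return entries


def _entries_for(entries, kind):
    flag = "Isuid" if kind == "uid" else "Isgid"
    return [e for e in entries if e[flag]]


def host_to_container(entries, host_id, kind="uid"):
    """What a host-side owner id looks like from inside the container under this map."""
    for e in _entries_for(entries, kind):
        if e["Hostid"] <= host_id < e["Hostid"] + e["Maprange"]:
            return host_id - e["Hostid"] + e["Nsid"]
    return NOBODY  # unmapped on-disk owner shows up as nobody/nogroup


def container_to_host(entries, ns_id, kind="uid"):
    """Which host id a container-side id is written to disk as; None if unrepresentable."""
    for e in _entries_for(entries, kind):
        if e["Nsid"] <= ns_id < e["Nsid"] + e["Maprange"]:
            return ns_id - e["Nsid"] + e["Hostid"]
    return None


if __name__ == "__main__":
    idmap = parse_idmap(LAST_STATE_IDMAP)
    # Container uid 1000 (the default 'ubuntu' user) lands on host uid 1001000,
    # which is the number seen inside the CTs that were shifted twice.
    print(container_to_host(idmap, 1000))        # 1001000
    print(host_to_container(idmap, 1001000))     # 1000
    print(host_to_container([], 1001000))        # 65534 under an empty ('[]') map
```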