Cannot start unprivileged container without root mapping
Hello, starting this container on a stock Debian 11 Bullseye errors out.
It seems to me it should be supported, from this comment and thread:
<https://github.com/lxc/lxc/issues/2033#issuecomment-354982434>.
However, changing the config to match that POC gives the same error.
What's missing? Should I ask upstream?
$ cat > test_config <<EOF
lxc.uts.name=a10
lxc.idmap = u 1000 101000 1
lxc.idmap = g 1000 101000 1
# These two are from /usr/share/doc/lxc/README.Debian.gz
lxc.mount.auto = proc:mixed sys:ro cgroup:mixed
lxc.apparmor.profile = unconfined
EOF
$ # from /usr/share/doc/lxc/README.Debian.gz
$ systemd-run \
--scope --quiet --user --property=Delegate=yes \
lxc-unpriv-start --logfile /dev/stderr -f test_config \
-n machine touch /srv/example
Running scope as unit: run-[...].scope
lxc-start machine 20210823090408.589 ERROR conf - conf.c:userns_exec_mapped_root:4489 - No uid mapping for container root
lxc-start machine 20210823090408.589 ERROR terminal - terminal.c:lxc_terminal_map_ids:856 - Failed to chown terminal 10((null))
...
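The log above reports "No uid mapping for container root", and the lxc.idmap lines in test_config cover only container id 1000. The following is an added example, not part of the original post and not LXC's own code: a small parser for lxc.idmap lines that translates container ids to host ids and reports which id types leave container id 0 unmapped. The function names and the embedded sample config are constructed for illustration.

```python
import re

# Constructed sample: the settings from test_config in the post above.
SAMPLE_CONFIG = """\
lxc.uts.name=a10
lxc.idmap = u 1000 101000 1
lxc.idmap = g 1000 101000 1
lxc.mount.auto = proc:mixed sys:ro cgroup:mixed
lxc.apparmor.profile = unconfined
"""

# lxc.idmap = <u|g> <first container id> <first host id> <range length>
IDMAP_RE = re.compile(
    r"^\s*lxc\.idmap\s*=\s*([ug])\s+(\d+)\s+(\d+)\s+(\d+)\s*$"
)


def parse_idmaps(text):
    """Return a list of (idtype, container_start, host_start, length)."""
    maps = []
    for line in text.splitlines():
        m = IDMAP_RE.match(line)
        if m:
            idtype, cstart, hstart, length = m.groups()
            maps.append((idtype, int(cstart), int(hstart), int(length)))
    return maps


def host_id_for(maps, idtype, container_id):
    """Translate a container id to its host id, or None if unmapped."""
    for t, cstart, hstart, length in maps:
        if t == idtype and cstart <= container_id < cstart + length:
            return hstart + (container_id - cstart)
    return None


def unmapped_root(text):
    """Return the id types ('u', 'g') with no mapping for container id 0."""
    maps = parse_idmaps(text)
    return [t for t in ("u", "g") if host_id_for(maps, t, 0) is None]


if __name__ == "__main__":
    for idtype in unmapped_root(SAMPLE_CONFIG):
        print(f"no '{idtype}' mapping covers container id 0")
```

This only checks the config against the condition named in the error message; it does not check /etc/subuid or /etc/subgid delegation.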