philmb n00b
Joined: 13 Feb 2020 Posts: 10
Posted: Sat Sep 07, 2024 2:09 pm Post subject: LXD/LXC doesn't want to work, ID mapping
I installed LXD using the guide https://wiki.gentoo.org/wiki/LXD
When I want to launch a container, it does not work.
Quote:
phil@localhost ~ $ sudo lxc list
+--------+---------+------+------+-----------+-----------+
| NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS |
+--------+---------+------+------+-----------+-----------+
| devuan | STOPPED | | | CONTAINER | 0 |
+--------+---------+------+------+-----------+-----------+
phil@localhost ~ $ sudo lxc start devuan
Error: Failed to run: /usr/bin/lxd forkstart devuan /var/lib/lxd/containers /var/log/lxd/devuan/lxc.conf: exit status 1
Try `lxc info --show-log devuan` for more info
phil@localhost ~ $ lxc info --show-log devuan
Name: devuan
Status: STOPPED
Type: container
Architecture: x86_64
Created: 2024/09/07 21:02 +07
Last Used: 2024/09/07 21:07 +07
Log:
lxc devuan 20240907140716.948 ERROR idmap_utils - ../lxc-6.0.0/src/lxc/idmap_utils.c:lxc_map_ids:245 - newuidmap failed to write mapping "newuidmap: uid range [0-1000000000) -> [1000000-1001000000) not allowed": newuidmap 11903 0 1000000 1000000000
lxc devuan 20240907140716.948 ERROR start - ../lxc-6.0.0/src/lxc/start.c:lxc_spawn:1795 - Failed to set up id mapping.
lxc devuan 20240907140716.948 ERROR lxccontainer - ../lxc-6.0.0/src/lxc/lxccontainer.c:wait_on_daemonized_start:838 - Received container state "ABORTING" instead of "RUNNING"
lxc devuan 20240907140716.949 ERROR start - ../lxc-6.0.0/src/lxc/start.c:__lxc_start:2114 - Failed to spawn container "devuan"
lxc devuan 20240907140716.949 WARN start - ../lxc-6.0.0/src/lxc/start.c:lxc_abort:1038 - No such process - Failed to send SIGKILL via pidfd 17 for process 11903
lxc 20240907140717.123 ERROR af_unix - ../lxc-6.0.0/src/lxc/af_unix.c:lxc_abstract_unix_recv_fds_iov:218 - Connection reset by peer - Failed to receive response
lxc 20240907140717.123 ERROR commands - ../lxc-6.0.0/src/lxc/commands.c:lxc_cmd_rsp_recv_fds:128 - Failed to receive file descriptors for command "get_init_pid"
phil@localhost ~ $

I did some reading on Google about the id mapping stuff, but I don't understand anything. What is a newuidmap? It might as well be ancient Greek.
What do I need to do to run a container on Gentoo?

alamahant Advocate
Joined: 23 Mar 2019 Posts: 3916
philmb n00b
Joined: 13 Feb 2020 Posts: 10
Posted: Wed Sep 11, 2024 8:36 pm Post subject:
Greetings. Here is the data
Code:
$ cat /etc/sub{uid,gid}
phil:100000:65536
lxd:100000:65536
phil:100000:65536
lxd:100000:65536
$ cat /etc/lxc/default.conf
lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:16:3e:xx:xx:xx
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
alamahant Advocate
Joined: 23 Mar 2019 Posts: 3916
Posted: Thu Sep 12, 2024 8:18 am Post subject:
This is how they should look
Code:
cat /etc/sub{uid,gid} ===>>>
lxd:1000000:1000000000
root:1000000:1000000000
<your-user>:1001000000:1000000
lxd:1000000:1000000000
root:1000000:1000000000
<your-user>:1001000000:1000000

Also in /etc/lxc/default.conf plz remove
Code:
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536

Plz see
https://wiki.gentoo.org/wiki/Subuid_subgid
Also plz see
Quote:
Authorize a non-privileged user
All members of the lxd group can use any of the available containers, irrespective of who created the container.
root #usermod --append --groups lxd larry
This will allow a non-root user to interact with the control socket which is owned by the lxd UNIX group.
For the group change to take effect, users need to log out and log back in again.
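
Added example, not part of the thread or of LXD: a check of the mapping request from the failing log line against the subordinate ID ranges in the posted and the suggested /etc/subuid. It assumes the owner that has to hold the range is `root` or `lxd` (the two entries the suggested file adds; the thread does not say which one newuidmap consults), and fills `<your-user>` with `phil`.

```python
import re

# Constructed from the thread: the file as first posted, and the suggested one
# with <your-user> filled in as "phil".
POSTED = "phil:100000:65536\nlxd:100000:65536\n"
SUGGESTED = ("lxd:1000000:1000000000\nroot:1000000:1000000000\n"
             "phil:1001000000:1000000\n")
# Tail of the failing log line quoted in the first post.
LOG_TAIL = 'not allowed": newuidmap 11903 0 1000000 1000000000'

def parse_subid(text):
    """Parse subuid/subgid text into {owner: [(start, count), ...]}."""
    ranges = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        owner, start, count = line.split(":")
        ranges.setdefault(owner, []).append((int(start), int(count)))
    return ranges

def request_from_log(line):
    """Return (host_start, count) from 'newuidmap <pid> <inside> <host> <count>'."""
    m = re.search(r"newuidmap (\d+) (\d+) (\d+) (\d+)\s*$", line)
    if m is None:
        raise ValueError("no newuidmap invocation at end of line")
    return int(m.group(3)), int(m.group(4))

def mapping_allowed(ranges, owner, host_start, count):
    """True if [host_start, host_start+count) is covered by owner's ranges."""
    pos, end = host_start, host_start + count
    while pos < end:
        # Furthest end among the owner's ranges that contain pos.
        reach = max((s + c for s, c in ranges.get(owner, [])
                     if s <= pos < s + c), default=pos)
        if reach == pos:
            return False  # gap: pos is not delegated to this owner
        pos = reach
    return True

def check(subid_text, log_line, owners=("root", "lxd")):
    """Which of the given owners could satisfy the mapping in the log line?"""
    start, count = request_from_log(log_line)
    ranges = parse_subid(subid_text)
    return {o: mapping_allowed(ranges, o, start, count) for o in owners}

if __name__ == "__main__":
    print("posted:   ", check(POSTED, LOG_TAIL))
    print("suggested:", check(SUGGESTED, LOG_TAIL))
```

The same functions work on /etc/subgid text, since both files share the `owner:start:count` format.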