Hi all,

after further investigation I realized that the difference was that the second container, where it worked, was with rootfs as a btrfs subvol, but the first one (copied from the original container) wasn't.

Ok, this explains the different behaviour.

And it becomes even more obfuscating: the container I snapshotted with lxc-copy -n deb_template -N cont1 -s does have the snapshotted root filesystem of the host machine, not of the container. Probably because the original container doesn't have any btrfs subvolume as root.

But this looks like a bug to me: if I use lxc-copy -n cont1 -N cont2 -s but cont1 doesn't include a btrfs subvolume as rootfs, but lxc.rootfs.backend is set to btrfs, it uses the next upper subvolume for rootfs.

Ok. But why a normal can achieve a new rootfs which belongs to root?

Regards
Jan

On 14.06.2017 at 15:44, Jan Kowalsky wrote:
> Hi,
>
> I'm new on the list, so hello to all.
>
> While experimenting with unprivileged containers (@stgraber: thanks for
> the excellent howtos) I discovered a phenomenon I can't explain to myself.
>
> Debian Stretch
> lxc 2.0.7-2: amd64
> btrfs filesystem
>
> I converted a container I bootstrapped as root from a debian stretch
> template to an unprivileged container for a user "lxcuser".
>
> cp -a /var/lib/lxc/deb_template /home/lxcuser/.local/share/lxc/
>
> After that I changed the uids of the new rootfs according to the subuids
> of lxcuser. After fixing file permissions and configuration everything
> works fine.
>
> Now the interesting things:
>
> while cloning the new container as the user lxcuser with
>
> lxc-copy -n deb_template -N cont1
>
> everything works as expected. The new rootfs of cont1 got the right uids.
>
> But if I do the same as a snapshot
>
> lxc-copy -n deb_template -N cont2 -s
>
> I get the error
>
> newgidmap: write to gid_map failed: Invalid argument
> error mapping child
> setgid: Invalid argument
> sed: couldn't open temporary file
> /home/lxcuser/.local/share/lxc/cont3/rootfs/etc/sed6iYKSh: Permission denied
> lxc-copy: lxccontainer.c: clone_update_rootfs: 3011 Permission denied -
> unable to open /usr/lib/x86_64-linux-gnu/lxc/rootfs/etc/hostname: ignoring
>
> AND: all files in cont3/rootfs/ now belong to root!!
>
> If I do the same with the first copied container (without snapshot)
> "cont1" again everything works fine except the following error:
>
>
> newgidmap: gid range [231072-231073) -> [462144-462145) not allowed
> error mapping child
> setgid: Invalid argument
>
> Any ideas?
>
> Best Regards
> Jan
> _______________________________________________
> lxc-users mailing list
> [email protected]
> http://lists.linuxcontainers.org/listinfo/lxc-users
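
An added example, not part of the original message or of LXC: a small Python check for the two symptoms reported above, a gid mapping that newgidmap refuses and rootfs files owned outside the user's delegated range. The subgid entry is constructed (the thread does not show the real file), the function names are hypothetical, and `mapping_allowed` is a simplified model of the newuidmap/newgidmap rule that treats the right-hand range in the error as the host side.

```python
import os

# Constructed sample in /etc/subgid format (name:start:count). Assumption: the
# delegated range starts at 231072, the first id in the error quoted above;
# the thread does not show the real file.
SAMPLE_SUBGID = "lxcuser:231072:65536\n"

def parse_subid(text, user):
    """Return [(start, count), ...] delegated to user in subuid/subgid text."""
    ranges = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 3 and fields[0] == user:
            ranges.append((int(fields[1]), int(fields[2])))
    return ranges

def mapping_allowed(ranges, host_start, count, own_id=None):
    """Simplified model of the newuidmap/newgidmap check: the host side of a
    mapping must fit inside one delegated range, or be the caller's own id."""
    if count < 1:
        return False
    if own_id is not None and count == 1 and host_start == own_id:
        return True
    return any(s <= host_start and host_start + count <= s + c
               for s, c in ranges)

def foreign_owners(rootfs, uid_ranges, gid_ranges):
    """Return (path, uid, gid) for entries owned outside the delegated ranges,
    e.g. root-owned files in an unprivileged container's rootfs."""
    def inside(i, ranges):
        return any(s <= i < s + c for s, c in ranges)
    paths = [rootfs]
    for dirpath, dirnames, filenames in os.walk(rootfs):
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    bad = []
    for p in paths:
        st = os.lstat(p)  # lstat: judge symlinks themselves, not their targets
        if not (inside(st.st_uid, uid_ranges) and inside(st.st_gid, gid_ranges)):
            bad.append((p, st.st_uid, st.st_gid))
    return bad

if __name__ == "__main__":
    gids = parse_subid(SAMPLE_SUBGID, "lxcuser")
    # Right-hand (host) side of the rejected mapping above: [462144-462145)
    print("462144 x1 allowed:", mapping_allowed(gids, 462144, 1))
    print("231072 x65536 allowed:", mapping_allowed(gids, 231072, 65536))
```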
