I'm pretty certain this is not related to HSTS, and it is a setuid
issue:
[pid 19145] openat(3, "uid_map", O_WRONLY|O_LARGEFILE) = 6
[pid 19145] write(6, "0 1 1\n1001 1001 1\n", 22) = -1 EPERM (Operation not
permitted)
[pid 19145] write(2, "newuidmap: write to uid_map fail"..., 60) = 60
[pid
Problem also occurs with the defaults in /etc/lxc/default.conf.
However, the mappings are defined also in /etc/suguid and /etc/subgid, where
the mapping also overlap, like so:
/etc/subuid
--
lxd:10:65536
root:10:65536
root:33:1
root:100034:65503
root:503:1
Hi,
Have you tried again after a while. I don't think that this is related to the
uid/gid mappings. In order for the download template to work you should have a
default lxc config for your unprivileged user configured which would list the
uid/gid mapping you want to use, e.g.
# Container
Problem occurs even with the secondary mappings in /etc/lxc/default.conf
hashed out:
---
lxc.id_map = u 0 10 65536
lxc.id_map = g 0 10 65536
#lxc.id_map = u 0 10 503
#lxc.id_map = u 503 503 1
#lxc.id_map = u 504 100504 65033
#lxc.id_map = g 0 10 109
I have a suspicion that the error is related to the uid/gid mappings. I
need several mappings for different containers. It all starts to creep
up on any machine configured like so:
/etc/subuid
root:10:65536
root:33:1
root:100034:65503
root:503:1
root:100504:65033
I see this today on a Zesty host when trying to create containers. I do
not see this issue on a Xenial host however.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1646462
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: lxc (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
My mistake, actually it is a shell script. Will look into it.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1646462
Title:
lxc container download error (possibly HSTS
The issue seems permanent, for the time being.
Running a more thorough strace (attached) has revealed that the download
is indeed handled by the /usr/share/lxc/templates/lxc-download binary,
which unfortunately refuses to work if invoked directly by shell, so
unfortunately I could not debug this
lxc-create does not handle any web requests so this cannot be the cause.
Upgrading this to a secure connection is also perfectly fine. Is this
reliably reproducible still or was this maybe just a temporary server
problem?
--
You received this bug notification because you are a member of Ubuntu
adding strace for the command:
~# strace lxc-create -t download -n nginx -- --dist ubuntu --release
xenial --arch amd64 2>&1 | tee lxc_strace.log
** Attachment added: "strace run"
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1646462/+attachment/4785765/+files/lxc_strace.log
--
You
11 matches
Mail list logo
