Cannot start unprivileged lxc

graysky · 2025-01-11 17:07:59

I followed this document but am hitting a snag when starting the container. Permissions issue or something to do with the idmap?
For reference:

cat /etc/subuid /etc/subgid
facade:100000:65536
facade:100000:65536

And:

# ls -lh /var/lib/lxc
total 36K
drwx------ 2 root    root    16K Jan 15  2016 lost+found
drwxrwx--- 3  100000 users  4.0K Jan 11 10:48 mycontainer

# ls -lh /var/lib/lxc/mycontainer 
total 8.0K
drwxr-xr-x 16 100000 100000 4.0K Jan 10 23:20 rootfs
-rw-r--r--  1 100000 100000  870 Jan 11 10:48 config

And:

# getfacl /var/lib/lxc
# file: var/lib/lxc
# owner: root
# group: root
user::rwx
user:facade:rwx
user:100000:rwx
group::r-x
group:100000:rwx
mask::rwx
other::r-x
default:user::rwx
default:user:facade:rwx
default:user:100000:rwx
default:group::r-x
default:group:100000:rwx
default:mask::rwx
default:other::r-x

Not sure if needed but I followed [this](https://wiki.archlinux.org/title/Cgroup … delegation) to setup delegate.conf drop-in and still cannot start the container.

% cat /sys/fs/cgroup/user.slice/user-1000.slice/cgroup.controllers
cpuset cpu io memory pids

Head_on_a_Stick · 2025-01-11 20:59:38

graysky wrote:

I followed this document

That's a little vague and you only reference /etc/sub{u,g}id but many more files are mentioned in this section of the guide. Did you also create those other files?

graysky · 2025-01-11 23:49:21

Yes, the config and container default files have been created as well.

Arch Linux

#1 2025-01-11 17:07:59

Cannot start unprivileged lxc

#2 2025-01-11 20:59:38

Re: Cannot start unprivileged lxc

#3 2025-01-11 23:49:21

Re: Cannot start unprivileged lxc

Board footer