Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve idmap detection/handling #329

Closed
stgraber opened this issue Dec 23, 2023 · 2 comments
Closed

Improve idmap detection/handling #329

stgraber opened this issue Dec 23, 2023 · 2 comments
Assignees
@stgraber
Labels
Bug Confirmed to be a bug
Milestone
incus-0.5

Comments

@stgraber
Copy link
Member

Currently if the system isn't correctly configured (/etc/subuid and /etc/subgid), it leads to very confusing errors coming from liblxc. This is all data that Incus already parses on startup, so we should be able to perform a check ourselves and give a better error.

On systems where uidmap is in use (newuidmap/newgidmap available), we need to properly handle:

  • No map found in /etc/subuid or /etc/subgid
  • Insufficient maps found (less than 65536 uid/gid) found
  • Map available but doesn't match existing container map (should trigger a shift)
  • Map doesn't allow for punch through mapping (should disable it in incus-user)
@stgraber stgraber added the Bug Confirmed to be a bug label Dec 23, 2023
@stgraber stgraber self-assigned this Dec 23, 2023
@juippis juippis mentioned this issue Dec 23, 2023
Closed
@stgraber stgraber added this to the incus-0.5 milestone Dec 28, 2023
@stgraber
Copy link
Member Author

stgraber commented Jan 6, 2024

Quick update that my massive idmap branch addresses everything except the one before last point, working on that one now.

stgraber added a commit to stgraber/incus that referenced this issue Jan 6, 2024
@stgraber
incus-user: Don't set raw.idmap when uid/gid aren't in system map
ac8b875 
Closes lxc#329

Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
stgraber added a commit to stgraber/incus that referenced this issue Jan 6, 2024
@stgraber
incusd/instance/lxc: Detect bad idmap and find new one
064f126 
Closes lxc#329

Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
@stgraber
Copy link
Member Author

stgraber commented Jan 6, 2024

Got that one covered now too.

stgraber added a commit to stgraber/incus that referenced this issue Jan 6, 2024
@stgraber
incusd/instance/lxc: Detect bad idmap and find new one
4cb0812 
Closes lxc#329

Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
stgraber added a commit to stgraber/incus that referenced this issue Jan 6, 2024
@stgraber
incusd/instance/lxc: Detect bad idmap and find new one
e895814 
Closes lxc#329

Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
stgraber added a commit to stgraber/incus that referenced this issue Jan 6, 2024
@stgraber
incusd/instance/lxc: Detect bad idmap and find new one
596f4fe 
Closes lxc#329

Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
@hallyn hallyn closed this as completed in 5a5e378 Jan 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@stgraber stgraber

Labels
Bug Confirmed to be a bug
Milestone
incus-0.5
Development

No branches or pull requests
1 participant
@stgraber