undefined | Better HN

0 pointsdusanh2y ago0 comments

Thank you, this made me realize I assigned a wrong (too little) number for uids. It did not fix my issue however. I still see

  (dev) $ podman info
  ERRO[0000] running `/usr/bin/newuidmap 3427 0 1000 1 1 100000 65536`: newuidmap: open of uid_map failed: Permission denied
  Error: cannot set up namespace using "/usr/bin/newuidmap": exit status 1

I tried a solution I found on Red Hat's Customer Portal:

  (root) # setcap cap_setuid+ep /usr/bin/newuidmap
  (root) # setcap cap_setgid+ep /usr/bin/newgidmap

Also did not work. I can run

  (root) # podman info

just fine as root. This leads me to believe there are some other problems with my non-root user permissions.

EDIT: It probably makes little sense, to run rootless on top of an already unprivileged LXC. I just wanted to give vscode server it's own non-root user in there. Oh well...

0 comments

Helmut100012y ago

Yes, just start from scratch and provide uid-mappings from the beginning. Looks like those uids were set from before adding the mappings and it is trying to access uids it is not allowed to access.

I used rootless docker in rootless lxc because the Postgres Docker (e.g.) will try to setup a non-root user by default. In a rootless LXC, this means it will try to access very large uids (>100000), which are not available, unless explicitly prepared.

dusanhOP2y ago

That actually did not do anything different for me. I did the following:

1) Created a new LXC.

2) As root, I created a new user "devel"

3) For the "devel" user set both subuid and subgid to devel:100000:65536

4) As root, installed podman

5) In another SSH session, logged in as "devel" and ran "podman version"

Same error as before. This is in a Debian 12 LXC running on Proxmox.

Helmut100012y ago

I am also using Docker in Debian 12 LXC on Proxmox. I am not sure what has gone wrong here.

dusanhOP2y ago

Was there anything extra you have done on the Host itself?

1 more reply

j / k navigate · click thread line to collapse

0 comments

Helmut100012y ago

Yes, just start from scratch and provide uid-mappings from the beginning. Looks like those uids were set from before adding the mappings and it is trying to access uids it is not allowed to access.

dusanhOP2y ago

That actually did not do anything different for me. I did the following:

1) Created a new LXC.

2) As root, I created a new user "devel"

3) For the "devel" user set both subuid and subgid to devel:100000:65536

4) As root, installed podman

5) In another SSH session, logged in as "devel" and ran "podman version"

Same error as before. This is in a Debian 12 LXC running on Proxmox.

Helmut100012y ago

I am also using Docker in Debian 12 LXC on Proxmox. I am not sure what has gone wrong here.

dusanhOP2y ago

Was there anything extra you have done on the Host itself?

1 more reply

j / k navigate · click thread line to collapse