First of all thank you to the entire Slackware team and community for the latest stable release!
I am trying to setup unprivileged containers but have hit a bit of a roadblock, I'd appreciate any advice.
I have read Chris' excellent
guide and have a problem compiling
uidmapshift from
Step 2 - Remap uids & gids in the second part of the guide.
My environment is a fresh full install of Slackware 15.0:
Code:
root@slack15:~# uname -r
5.15.19
root@slack15:~# slackpkg search lxc
Looking for lxc in package list. Please wait... DONE
The list below shows all packages with name matching "lxc".
[ installed ] - lxc-4.0.11-x86_64-3
You can search specific files using "slackpkg file-search file".
The errors I get seem to be related to syntax, so I'm not sure if I'm missing anything obvious due to my lack of experience with using
gcc. Below is part of the output of the suggested command in the guide:
Code:
root@slack15:~# gcc -o uidmapshift uidmapshift.c
uidmapshift.c:1:1: error: expected identifier or ( before < token
1 | <?xml version="1.0"?>
| ^
uidmapshift.c:11:19: warning: character constant too long for its type
11 | var global_path = '/~serge-hallyn/+junk/nsexec/';
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
uidmapshift.c:12:1: error: unknown type name var
12 | var collapsed_icon_path = '/static/images/treeCollapsed.png';
| ^~~
uidmapshift.c:12:27: warning: character constant too long for its type
12 | var collapsed_icon_path = '/static/images/treeCollapsed.png';
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
uidmapshift.c:13:1: error: unknown type name var
13 | var expanded_icon_path = '/static/images/treeExpanded.png';
| ^~~
uidmapshift.c:13:26: warning: character constant too long for its type
13 | var expanded_icon_path = '/static/images/treeExpanded.png';
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
uidmapshift.c:14:1: error: expected identifier or ( before < token
14 | </script>
| ^
uidmapshift.c:28:1: error: stray \342 in program
28 | ← Back to branch summary
| ^
There is mention in Chris' guide of an alternate way of running unprivileged containers.
Quote:
|
There are now two distinct methods we can use to create an unprivileged container, the classic and the modern.
|
However the modern method does not seem to be mentioned after that.
I imagine it's by directly creating them via a
default.conf file that has entries like what is described in St้phane Graber's
guide:
Code:
lxc.network.type = veth
lxc.network.link = lxcbr0
lxc.network.flags = up
lxc.network.hwaddr = 00:16:3e:xx:xx:xx
lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536
But when trying that approach with my non-privileged user I get the following error:
Code:
lxcuser@slack15:~$ release=15.0 MIRROR=http://mirrors.us.kernel.org/slackware lxc-create -n c1 -t slackware -f ~/.config/lxc/default.conf
getopt: unrecognized option '--mapped-uid'
getopt: unrecognized option '--mapped-gid'
lxc-slackware -h|--help -p|--path=<path> --clean
lxc-create: c1: lxccontainer.c: create_run_template: 1618 Failed to create container from template
lxc-create: c1: tools/lxc_create.c: main: 317 Failed to create container c1
These are the contents of the
~/.config/lxc/default.conf file:
Code:
lxcuser@slack15:~$ cat ~/.config/lxc/default.conf
lxc.net.0.type = veth
lxc.net.0.flags = up
lxc.net.0.link = lxcbr0
lxc.net.0.hwaddr = 00:16:3e:xx:xx:xx
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
This seems to suggest that the
lxc-slackware script in
/usr/share/lxc/templates can't handle these additional options for unprivileged containers.
I was not able to find anything related to this specific issue in these threads:
1 2 3
I'd appreciate any input, thank you.
