Container with LXC/LXD (3)

Clean up `d0` instance for experiment

In following examples, the instance d0 is always deleted in advance without mentions by:

 $ lxc stop d0
 $ lxc delete d0

or simply:

 $ lxc delete d0 -f

Merging YAML settings

As seen in following examples, YAML settings of lxc are merged by key for dictionary.

subuid and subgid on Debian with LXD

UID and GID:

POSIX requires to cover: 0 - 2^16-1 = 65,535
- 65,534 == nobody
64-bit Linux allows: 0 = 2^64-1 = 18,446,744,073,709,551,615

For Debian with 2 normal UID/GID, /etc/subuid and /etc/subgid are:

osamu:100000:65536
zzz:165536:65536
_lxd:231072:10000001
root:231072:10000001

This means:

UID=0 in LXD container is mapped to UID=231072 on host.
UID=1000 in LXD container is mapped to UID=232072 on host.

Please note, 165536 = (100000 + 65536) and 231072 = (165536 + 65536).

It seems that the values in these files changes with distributions and install condition. Debian uses lxd for user name and _lxd for group name while other distribution seems to use lxd for both user and group name for LXD.

 $ grep lxd /etc/passwd
_lxd:x:129:138::/var/lib/lxd/:/bin/false
 $ grep lxd /etc/group
lxd:x:138:osamu

NOTE: If you change /etc/subuid and /etc/subgid, you need to execute systemctl restart lxd or reboot the system to get system updated.

Basic ID Mapping of LXD

I created and used the baseline deb-12 image using lxcinit -d -p 12.

Then I started an instance d0 with lxc launch deb-12 d0.

I started one root (UID=0) shell with lxc exec d0 -- bash -i, and one primary user (UID=1000) shell with lxc exec d0 -- sudo -u osamu bash -i in a lxd instance d0.

Then I started one primary user (UID=1000) shell on the host Gnome terminal, and one root (UID=0) shell on the Linux terminal tty3 on the host system.

 $ ps aux
...
231072     18801  0.0  0.0   7588  3584 pts/1    Ss+  07:07   0:00 bash -i
...
232072     19122  0.0  0.0   7588  3584 pts/3    S+   07:08   0:00 bash -i
...
osamu      21311  1.2  0.0   8600  5376 pts/7    Ss   07:25   0:00 bash
...
root       22686  0.0  0.0   8468  5120 tty3     S+   07:33   0:00 -bash
...

Let’s see /proc/18801, /proc/19122, proc/21311, and proc/22686.

PID	18801	19122	21311	22686
UID (global)	231072	232072	1000	0
UID in container	0	1000	N/A	N/A
cgroup	`0::/lxc.payload.d0/.lxc`	`0::/lxc.payload.d0/.lxc`	*1	*2
gid_map	`0 231072 10000001`	`0 231072 10000001`	`0 0 4294967295`	`0 0 4294967295`
uid_map	`0 231072 10000001`	`0 231072 10000001`	`0 0 4294967295`	`0 0 4294967295`

*1: 0::/user.slice/user-1000.slice/user@1000.service/app.slice/app-org.gnome.Terminal.slice/vte-spawn-15e39553-cc20-4c70-bfd5-f8b95e2c6b5a.scope
*2: 0::/user.slice/user-0.slice/session-11.scope

Mounting file (RO) – `lxc config ...`

Let’s start an instance d0 with the primary user in the container being osamu. (user1.yaml is from “Override default_user settings (2)”)

 $ lxc launch images:debian/12/cloud d0 <user1.yaml

Let’s think about sharing the directory ~/ of the primary user osamu in the host as a directory ~/shared of the primary user osamu in the container by mounting it.

 $ echo $HOME
/home/osamu
 $ lxc config device add d0 homedir disk source=/home/osamu path=/home/osamu/host
 $ lxc config device show d0
homedir:
  path: /home/osamu/host
  source: /home/osamu
  type: disk
 $ lxc start d0
 $ lxc exec do -- sudo -u osamu -i
osamu@d0:\~$ ls -la
total 16
drwxr-xr-x 1 osamu  osamu    146 Nov 17 12:53 .
drwxr-xr-x 1 root   root      10 Nov 17 05:09 ..
-rw------- 1 osamu  osamu      7 Nov 17 09:04 .bash_history
-rw-r--r-- 1 osamu  osamu    220 Apr 23  2023 .bash_logout
-rw-r--r-- 1 osamu  osamu   3526 Apr 23  2023 .bashrc
-rw-r--r-- 1 osamu  osamu    807 Apr 23  2023 .profile
drwx------ 1 osamu  osamu     30 Nov 17 05:09 .ssh
-rw-r--r-- 1 osamu  osamu      0 Nov 17 12:52 .sudo_as_admin_successful
drwxr-xr-x 1 nobody nogroup 2132 Nov 17 08:54 host
osamu@d0:\~$ ls -lani
total 16
21804 drwxr-xr-x 1  1000  1000  146 Nov 17 12:53 .
  992 drwxr-xr-x 1     0     0   10 Nov 17 05:09 ..
21916 -rw------- 1  1000  1000   62 Nov 17 12:57 .bash_history
21805 -rw-r--r-- 1  1000  1000  220 Apr 23  2023 .bash_logout
21806 -rw-r--r-- 1  1000  1000 3526 Apr 23  2023 .bashrc
21807 -rw-r--r-- 1  1000  1000  807 Apr 23  2023 .profile
21820 drwx------ 1  1000  1000   30 Nov 17 05:09 .ssh
21990 -rw-r--r-- 1  1000  1000    0 Nov 17 12:52 .sudo_as_admin_successful
  256 drwxr-xr-x 1 65534 65534 2132 Nov 17 08:54 host

Here, a few interesting points.

The directory assigned to path= doesn’t need to exist in advance. It is created automatically.
/home/osamu on the host is mounted to /home/osamu/host in the container.
/home/osamu/host in the container is btrfs subvolume root (inode=256) since /home/osamu on the host is btrfs subvolume root.
/home/osamu/host in the container is owned by nobody:nogroup due to we use unprivileged container without raw.idmap.

Mounting file (RW) – `lxc config ...`

Let me use raw.idmap.

$ lxc config set d0 raw.idmap='both 1000 1000'
$ lxc start d0
Error: Failed to run: /usr/bin/lxd forkstart d0 /var/lib/lxd/containers /var/log/lxd/d0/lxc.conf: exit status 1
Try `lxc info --show-log d0` for more info
$ lxc info --show-log d0
Name: d0
Status: STOPPED
Type: container
Architecture: x86_64
Created: 2023/11/17 14:09 JST
Last Used: 2023/11/17 22:11 JST

Log:

lxc d0 20231117131132.970 ERROR    conf - ../src/lxc/conf.c:lxc_map_ids:3701 - newuidmap failed to write mapping "newuidmap: uid range [1000-1001) -> [1000-1001) not allowed": newuidmap 40760 0 231072 1000 1000 1000 1 1001 232073 9999000
...

Oops, it failed! Googling lead me to read tips:

 $ echo "root:1000:1" | sudo tee -a /etc/subuid
 $ echo "root:1000:1" | sudo tee -a /etc/subgid
 $ cat /etc/subuid
osamu:100000:65536
zzz:165536:65536
_lxd:231072:10000001
root:231072:10000001
root:1000:1
 $ cat /etc/subgid
osamu:100000:65536
zzz:165536:65536
_lxd:231072:10000001
root:231072:10000001
root:1000:1
 $ sudo systemctl restart lxd

This updates LXD and fixes situation. Now.

 $ lxc start d0
 $ lxc exec d0 -- sudo -u osamu -i ls -la
total 16
drwxr-xr-x 1 osamu osamu  146 Nov 17 12:53 .
drwxr-xr-x 1 root  root    10 Nov 17 05:09 ..
-rw------- 1 osamu osamu   79 Nov 17 13:05 .bash_history
-rw-r--r-- 1 osamu osamu  220 Apr 23  2023 .bash_logout
-rw-r--r-- 1 osamu osamu 3526 Apr 23  2023 .bashrc
-rw-r--r-- 1 osamu osamu  807 Apr 23  2023 .profile
drwx------ 1 osamu osamu   30 Nov 17 05:09 .ssh
-rw-r--r-- 1 osamu osamu    0 Nov 17 12:52 .sudo_as_admin_successful
drwxr-xr-x 1 osamu osamu 2132 Nov 17 15:13 host

No more error and RW access with matching UID/GID!

Let me check configuration of instance d0.

 $ lxc config show d0
architecture: x86_64
config:
  image.architecture: amd64
  image.description: Debian bookworm amd64 (20231119_05:24)
  image.os: Debian
  image.release: bookworm
  image.serial: "20231119_05:24"
  image.type: squashfs
  image.variant: cloud
  raw.idmap: both 1000 1000
  volatile.base_image: 02f1ae40b26f73862579d1e4402df009688f7cb0ee17ccc58c5bc3c1a9bdf9b1
  volatile.cloud-init.instance-id: c858bc54-89fb-401a-859f-9be2be0baf3c
  volatile.eth0.host_name: veth659389ff
  volatile.eth0.hwaddr: 00:16:3e:93:1b:3c
  volatile.idmap.base: "0"
  volatile.idmap.current: '[{"Isuid":true,"Isgid":false,"Hostid":231072,"Nsid":0,"Maprange":10000001},{"Isuid":false,"Isgid":true,"Hostid":231072,"Nsid":0,"Maprange":10000001}]'
  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":231072,"Nsid":0,"Maprange":1000},{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":1000,"Maprange":1},{"Isuid":true,"Isgid":false,"Hostid":232073,"Nsid":1001,"Maprange":9999000},{"Isuid":false,"Isgid":true,"Hostid":231072,"Nsid":0,"Maprange":1000},{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":1000,"Maprange":1},{"Isuid":false,"Isgid":true,"Hostid":232073,"Nsid":1001,"Maprange":9999000}]'
  volatile.last_state.idmap: '[]'
  volatile.last_state.power: RUNNING
  volatile.uuid: 11479146-4515-4491-811a-9ee9d56760c1
devices:
  homedir:
    path: /home/osamu/host
    source: /home/osamu
    type: disk
ephemeral: false
profiles:
- default
stateful: false
description: ""
 $ lxc config show d0 -e
architecture: x86_64
config:
  image.architecture: amd64
  image.description: Debian bookworm amd64 (20231119_05:24)
  image.os: Debian
  image.release: bookworm
  image.serial: "20231119_05:24"
  image.type: squashfs
  image.variant: cloud
  raw.idmap: both 1000 1000
  volatile.base_image: 02f1ae40b26f73862579d1e4402df009688f7cb0ee17ccc58c5bc3c1a9bdf9b1
  volatile.cloud-init.instance-id: c858bc54-89fb-401a-859f-9be2be0baf3c
  volatile.eth0.host_name: veth659389ff
  volatile.eth0.hwaddr: 00:16:3e:93:1b:3c
  volatile.idmap.base: "0"
  volatile.idmap.current: '[{"Isuid":true,"Isgid":false,"Hostid":231072,"Nsid":0,"Maprange":10000001},{"Isuid":false,"Isgid":true,"Hostid":231072,"Nsid":0,"Maprange":10000001}]'
  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":231072,"Nsid":0,"Maprange":1000},{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":1000,"Maprange":1},{"Isuid":true,"Isgid":false,"Hostid":232073,"Nsid":1001,"Maprange":9999000},{"Isuid":false,"Isgid":true,"Hostid":231072,"Nsid":0,"Maprange":1000},{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":1000,"Maprange":1},{"Isuid":false,"Isgid":true,"Hostid":232073,"Nsid":1001,"Maprange":9999000}]'
  volatile.last_state.idmap: '[]'
  volatile.last_state.power: RUNNING
  volatile.uuid: 11479146-4515-4491-811a-9ee9d56760c1
devices:
  eth0:
    name: eth0
    network: lxdbr0
    type: nic
  homedir:
    path: /home/osamu/host
    source: /home/osamu
    type: disk
  root:
    path: /
    pool: default
    type: disk
ephemeral: false
profiles:
- default
stateful: false
description: ""

Mounting file (RW) – profile=default + `shared.yaml`

Instead of configuring via lxc config ... command line, here is a YAML configuration shared.yaml to get an equivalent settings.

container with clean set of group ID
the primary user name osamu
/home/osamu/host sharing contents with the home directory of osamu.

config:
  user.user-data: |
    #cloud-config
    users:
    - name: osamu
      lock_passwd: True
      groups: [adm, audio, cdrom, dialout, dip, floppy, plugdev, sudo, video]
      sudo: ["ALL=(ALL) NOPASSWD:ALL"]
      shell: /bin/bash    
  raw.idmap: both 1000 1000
devices:
  homedir:
    path: /home/osamu/host
    source: /home/osamu
    type: disk

Then launch d0 with:

 $ lxc launch images:debian/12/cloud d0 <shared.yaml

The resulting configuration is:

 $ lxc config show d0
architecture: x86_64
config:
  image.architecture: amd64
  image.description: Debian bookworm amd64 (20231118_05:24)
  image.os: Debian
  image.release: bookworm
  image.serial: "20231118_05:24"
  image.type: squashfs
  image.variant: cloud
  user.user-data: |
    #cloud-config
    users:
    - name: osamu
      lock_passwd: True
      groups: [adm, audio, cdrom, dialout, dip, floppy, plugdev, sudo, video]
      sudo: ["ALL=(ALL) NOPASSWD:ALL"]
      shell: /bin/bash
  volatile.base_image: 95c1684ed49c0d5a2f1f9014d8e0e506cfa5a4fb43a457bdd84d79916aa1dcd3
  volatile.cloud-init.instance-id: f3632c49-81de-45d0-9d75-582195a32666
  volatile.eth0.host_name: vethf053a734
  volatile.eth0.hwaddr: 00:16:3e:85:6f:b4
  volatile.idmap.base: "0"
  volatile.idmap.current: '[{"Isuid":true,"Isgid":false,"Hostid":231072,"Nsid":0,"Maprange":10000001},{"Isuid":false,"Isgid":true,"Hostid":231072,"Nsid":0,"Maprange":10000001}]'
  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":231072,"Nsid":0,"Maprange":10000001},{"Isuid":false,"Isgid":true,"Hostid":231072,"Nsid":0,"Maprange":10000001}]'
  volatile.last_state.idmap: '[]'
  volatile.last_state.power: RUNNING
  volatile.uuid: b3de4c22-e23f-4939-b083-4bccdfdcb725
devices:
  homedir:
    path: /home/osamu/host
    source: /home/osamu
    type: disk
ephemeral: false
profiles:
- default
stateful: false
description: ""

It looks good but I wasn’t sure if ethernet bridge device is created. So I expand this configuration as:

 $ lxc config show d0 -e
architecture: x86_64
config:
  image.architecture: amd64
  image.description: Debian bookworm amd64 (20231118_05:24)
  image.os: Debian
  image.release: bookworm
  image.serial: "20231118_05:24"
  image.type: squashfs
  image.variant: cloud
  user.user-data: |
    #cloud-config
    users:
    - name: osamu
      lock_passwd: True
      groups: [adm, audio, cdrom, dialout, dip, floppy, plugdev, sudo, video]
      sudo: ["ALL=(ALL) NOPASSWD:ALL"]
      shell: /bin/bash
  volatile.base_image: 95c1684ed49c0d5a2f1f9014d8e0e506cfa5a4fb43a457bdd84d79916aa1dcd3
  volatile.cloud-init.instance-id: f3632c49-81de-45d0-9d75-582195a32666
  volatile.eth0.host_name: vethf053a734
  volatile.eth0.hwaddr: 00:16:3e:85:6f:b4
  volatile.idmap.base: "0"
  volatile.idmap.current: '[{"Isuid":true,"Isgid":false,"Hostid":231072,"Nsid":0,"Maprange":10000001},{"Isuid":false,"Isgid":true,"Hostid":231072,"Nsid":0,"Maprange":10000001}]'
  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":231072,"Nsid":0,"Maprange":10000001},{"Isuid":false,"Isgid":true,"Hostid":231072,"Nsid":0,"Maprange":10000001}]'
  volatile.last_state.idmap: '[]'
  volatile.last_state.power: RUNNING
  volatile.uuid: b3de4c22-e23f-4939-b083-4bccdfdcb725
devices:
  eth0:
    name: eth0
    network: lxdbr0
    type: nic
  homedir:
    path: /home/osamu/host
    source: /home/osamu
    type: disk
  root:
    path: /
    pool: default
    type: disk
ephemeral: false
profiles:
- default
stateful: false

It looks good to me.

Mounting file (RW) – profile=shared

I used shared.yaml to make profile shared as:

 $ lxc profile create shared
 $ lxc profile edit sharedx <shared.yaml
 $ $ lxc profile edit shared
Profile shared created
 $ lxc profile edit shared <shared.yaml
 $ lxc launch images:debian/12/cloud d0 --profile=shared
Creating d0
Error: Failed instance creation: Failed creating instance record: Failed initialising instance: Invalid devices: Failed detecting root disk device: No root device could be found

Hmmmm.. root device which was defined in profile=default is missing. So I also specified --profile=default as:

 $ lxc launch images:debian/12/cloud d0 --profile=default --profile=shared
Creating d0
Starting d0
 $ lxc config show d0
architecture: x86_64
config:
  image.architecture: amd64
  image.description: Debian bookworm amd64 (20231119_05:24)
  image.os: Debian
  image.release: bookworm
  image.serial: "20231119_05:24"
  image.type: squashfs
  image.variant: cloud
  volatile.base_image: 02f1ae40b26f73862579d1e4402df009688f7cb0ee17ccc58c5bc3c1a9bdf9b1
  volatile.cloud-init.instance-id: 0b8eac4b-f530-4628-a615-8f3b995b5680
  volatile.eth0.host_name: veth3abc0116
  volatile.eth0.hwaddr: 00:16:3e:fa:e7:a5
  volatile.idmap.base: "0"
  volatile.idmap.current: '[{"Isuid":true,"Isgid":false,"Hostid":231072,"Nsid":0,"Maprange":1000},{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":1000,"Maprange":1},{"Isuid":true,"Isgid":false,"Hostid":232073,"Nsid":1001,"Maprange":9999000},{"Isuid":false,"Isgid":true,"Hostid":231072,"Nsid":0,"Maprange":1000},{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":1000,"Maprange":1},{"Isuid":false,"Isgid":true,"Hostid":232073,"Nsid":1001,"Maprange":9999000}]'
  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":231072,"Nsid":0,"Maprange":1000},{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":1000,"Maprange":1},{"Isuid":true,"Isgid":false,"Hostid":232073,"Nsid":1001,"Maprange":9999000},{"Isuid":false,"Isgid":true,"Hostid":231072,"Nsid":0,"Maprange":1000},{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":1000,"Maprange":1},{"Isuid":false,"Isgid":true,"Hostid":232073,"Nsid":1001,"Maprange":9999000}]'
  volatile.last_state.idmap: '[]'
  volatile.last_state.power: RUNNING
  volatile.uuid: 3387ffc3-8640-4173-9f22-398bd0484dcd
devices: {}
ephemeral: false
profiles:
- default
- shared
stateful: false
description: ""
 $  lxc config show d0 -e
architecture: x86_64
config:
  image.architecture: amd64
  image.description: Debian bookworm amd64 (20231119_05:24)
  image.os: Debian
  image.release: bookworm
  image.serial: "20231119_05:24"
  image.type: squashfs
  image.variant: cloud
  raw.idmap: both 1000 1000
  user.user-data: |
    #cloud-config
    users:
    - name: osamu
      lock_passwd: True
      groups: [adm, audio, cdrom, dialout, dip, floppy, plugdev, sudo, video]
      sudo: ["ALL=(ALL) NOPASSWD:ALL"]
      shell: /bin/bash
  volatile.base_image: 02f1ae40b26f73862579d1e4402df009688f7cb0ee17ccc58c5bc3c1a9bdf9b1
  volatile.cloud-init.instance-id: 0b8eac4b-f530-4628-a615-8f3b995b5680
  volatile.eth0.host_name: veth3abc0116
  volatile.eth0.hwaddr: 00:16:3e:fa:e7:a5
  volatile.idmap.base: "0"
  volatile.idmap.current: '[{"Isuid":true,"Isgid":false,"Hostid":231072,"Nsid":0,"Maprange":1000},{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":1000,"Maprange":1},{"Isuid":true,"Isgid":false,"Hostid":232073,"Nsid":1001,"Maprange":9999000},{"Isuid":false,"Isgid":true,"Hostid":231072,"Nsid":0,"Maprange":1000},{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":1000,"Maprange":1},{"Isuid":false,"Isgid":true,"Hostid":232073,"Nsid":1001,"Maprange":9999000}]'
  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":231072,"Nsid":0,"Maprange":1000},{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":1000,"Maprange":1},{"Isuid":true,"Isgid":false,"Hostid":232073,"Nsid":1001,"Maprange":9999000},{"Isuid":false,"Isgid":true,"Hostid":231072,"Nsid":0,"Maprange":1000},{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":1000,"Maprange":1},{"Isuid":false,"Isgid":true,"Hostid":232073,"Nsid":1001,"Maprange":9999000}]'
  volatile.last_state.idmap: '[]'
  volatile.last_state.power: RUNNING
  volatile.uuid: 3387ffc3-8640-4173-9f22-398bd0484dcd
devices:
  eth0:
    name: eth0
    network: lxdbr0
    type: nic
  homedir:
    path: /home/osamu/host
    source: /home/osamu
    type: disk
  root:
    path: /
    pool: default
    type: disk
ephemeral: false
profiles:
- default
- shared
stateful: false

Unless expanded, settings set by each profile listed under profiles: as list can’s be seen.

Mounting file (RW) – profile=sharedx

Since specifying 2 profiles are cumbersome, I made sharedx.yaml as:

config:
  user.user-data: |
    #cloud-config
    users:
    - name: osamu
      lock_passwd: True
      groups: [adm, audio, cdrom, dialout, dip, floppy, plugdev, sudo, video]
      sudo: ["ALL=(ALL) NOPASSWD:ALL"]
      shell: /bin/bash    
  raw.idmap: both 1000 1000
devices:
  eth0:
    name: eth0
    network: lxdbr0
    type: nic
  root:
    path: /
    pool: default
    type: disk
  homedir:
    path: /home/osamu/host
    source: /home/osamu
    type: disk
 $ lxc profile create sharedx
Profile sharedx created
 $ lxc profile edit sharedx <sharedx.yaml
 $ lxc launch images:debian/12/cloud d0 --profile=sharedx
Creating d0
Starting d0
 $ lxc exec d0 -- ls -la /home/osamu
total 0
drwxr-xr-x 1 root  root    16 Nov 19 14:10 .
drwxr-xr-x 1 root  root    10 Nov 19 14:10 ..
drwx------ 1 osamu osamu   30 Nov 19 14:10 .ssh
drwxr-xr-x 1 osamu osamu 2254 Nov 19 13:40 host

Now, I got my intended instance d0.

Let me double check its configuration.

 $ lxc config show d0
architecture: x86_64
config:
  image.architecture: amd64
  image.description: Debian bookworm amd64 (20231119_05:24)
  image.os: Debian
  image.release: bookworm
  image.serial: "20231119_05:24"
  image.type: squashfs
  image.variant: cloud
  volatile.base_image: 02f1ae40b26f73862579d1e4402df009688f7cb0ee17ccc58c5bc3c1a9bdf9b1
  volatile.cloud-init.instance-id: b618beef-9f19-4b0c-a9b7-f8b7cabca484
  volatile.eth0.host_name: vetha0f3aa40
  volatile.eth0.hwaddr: 00:16:3e:1f:70:1f
  volatile.idmap.base: "0"
  volatile.idmap.current: '[{"Isuid":true,"Isgid":false,"Hostid":231072,"Nsid":0,"Maprange":1000},{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":1000,"Maprange":1},{"Isuid":true,"Isgid":false,"Hostid":232073,"Nsid":1001,"Maprange":9999000},{"Isuid":false,"Isgid":true,"Hostid":231072,"Nsid":0,"Maprange":1000},{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":1000,"Maprange":1},{"Isuid":false,"Isgid":true,"Hostid":232073,"Nsid":1001,"Maprange":9999000}]'
  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":231072,"Nsid":0,"Maprange":1000},{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":1000,"Maprange":1},{"Isuid":true,"Isgid":false,"Hostid":232073,"Nsid":1001,"Maprange":9999000},{"Isuid":false,"Isgid":true,"Hostid":231072,"Nsid":0,"Maprange":1000},{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":1000,"Maprange":1},{"Isuid":false,"Isgid":true,"Hostid":232073,"Nsid":1001,"Maprange":9999000}]'
  volatile.last_state.idmap: '[]'
  volatile.last_state.power: RUNNING
  volatile.uuid: 7c6b708c-0645-4faf-b68c-2472da6c7596
devices: {}
ephemeral: false
profiles:
- sharedx
stateful: false
description: ""
 $ lxc config show d0 -e
architecture: x86_64
config:
  image.architecture: amd64
  image.description: Debian bookworm amd64 (20231119_05:24)
  image.os: Debian
  image.release: bookworm
  image.serial: "20231119_05:24"
  image.type: squashfs
  image.variant: cloud
  raw.idmap: both 1000 1000
  user.user-data: |
    #cloud-config
    users:
    - name: osamu
      lock_passwd: True
      groups: [adm, audio, cdrom, dialout, dip, floppy, plugdev, sudo, video]
      sudo: ["ALL=(ALL) NOPASSWD:ALL"]
      shell: /bin/bash
  volatile.base_image: 02f1ae40b26f73862579d1e4402df009688f7cb0ee17ccc58c5bc3c1a9bdf9b1
  volatile.cloud-init.instance-id: b618beef-9f19-4b0c-a9b7-f8b7cabca484
  volatile.eth0.host_name: vetha0f3aa40
  volatile.eth0.hwaddr: 00:16:3e:1f:70:1f
  volatile.idmap.base: "0"
  volatile.idmap.current: '[{"Isuid":true,"Isgid":false,"Hostid":231072,"Nsid":0,"Maprange":1000},{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":1000,"Maprange":1},{"Isuid":true,"Isgid":false,"Hostid":232073,"Nsid":1001,"Maprange":9999000},{"Isuid":false,"Isgid":true,"Hostid":231072,"Nsid":0,"Maprange":1000},{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":1000,"Maprange":1},{"Isuid":false,"Isgid":true,"Hostid":232073,"Nsid":1001,"Maprange":9999000}]'
  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":231072,"Nsid":0,"Maprange":1000},{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":1000,"Maprange":1},{"Isuid":true,"Isgid":false,"Hostid":232073,"Nsid":1001,"Maprange":9999000},{"Isuid":false,"Isgid":true,"Hostid":231072,"Nsid":0,"Maprange":1000},{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":1000,"Maprange":1},{"Isuid":false,"Isgid":true,"Hostid":232073,"Nsid":1001,"Maprange":9999000}]'
  volatile.last_state.idmap: '[]'
  volatile.last_state.power: RUNNING
  volatile.uuid: 7c6b708c-0645-4faf-b68c-2472da6c7596
devices:
  eth0:
    name: eth0
    network: lxdbr0
    type: nic
  homedir:
    path: /home/osamu/host
    source: /home/osamu
    type: disk
  root:
    path: /
    pool: default
    type: disk
ephemeral: false
profiles:
- sharedx
stateful: false

Top

Container with LXC/LXD (3)

Date: 2023/11/13 (initial publish), 2024/02/23 (last update)

Source: en/note-00054.md

TOC

Clean up `d0` instance for experiment

Merging YAML settings

subuid and subgid on Debian with LXD

Basic ID Mapping of LXD

Mounting file (RO) – `lxc config ...`

Mounting file (RW) – `lxc config ...`

Mounting file (RW) – profile=default + `shared.yaml`

Mounting file (RW) – profile=shared

Mounting file (RW) – profile=sharedx

Container with LXC/LXD (3)

Date: 2023/11/13 (initial publish), 2024/02/23 (last update)

Source: en/note-00054.md

TOC

Clean up d0 instance for experiment

Merging YAML settings

subuid and subgid on Debian with LXD

Basic ID Mapping of LXD

Mounting file (RO) – lxc config ...

Mounting file (RW) – lxc config ...

Mounting file (RW) – profile=default + shared.yaml

Mounting file (RW) – profile=shared

Mounting file (RW) – profile=sharedx

Clean up `d0` instance for experiment

Mounting file (RO) – `lxc config ...`

Mounting file (RW) – `lxc config ...`

Mounting file (RW) – profile=default + `shared.yaml`