Lab 3.2 - lxc containers - running unprivileged as root (but not part of exercise)
I ran through the LXC lab again, and tried a variation that is mentioned at the beginning: unprivileged containers can be created by root.
The regular unprivileged setup described in the lab works well, except that it can't create LVM volumes (the -B lvm option).
A privileged container also works well. Again, LVM doesn't work and I can't explain it.
Next I tried what was hinted: create an unprivileged container as root.
The default Ubuntu 18.04 server installation already had a root entry in /etc/subuid and subgid:
lxd:100000:65536
root:100000:65536
heiko:165536:65536
I edited /etc/lxc/default.conf and added:
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
Then I followed the steps installing a container as root. Once created, I tried to start it, but got the following:
[email protected]:~# lxc-start -n priv -d
lxc-start: priv: lxccontainer.c: wait_on_daemonized_start: 842 Received container state "ABORTING" instead of "RUNNING"
lxc-start: priv: tools/lxc_start.c: main: 330 The container failed to start
lxc-start: priv: tools/lxc_start.c: main: 333 To get more details, run the container in foreground mode
lxc-start: priv: tools/lxc_start.c: main: 336 Additional information can be obtained by setting the --logfile and --logpriority options
I wonder what went wrong?
Also, wouldn't it make sense to include this exercise - creating non-privileged containers as root - in the lab? I know it's a lot of stuff and hard to decide where to shorten.
If anyone has any thoughts on why LVM doesn't work (including as root), that would be a bonus.
Right now my feeling about lxc is that it's not that practical. But I definitely don't know enough about it.
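An added example, not part of the original post: a consistency check between the lxc.idmap lines and the subuid/subgid entries quoted above, confirming that each mapped host range lies inside a range delegated to the user who starts the container. The sample input is constructed from the post's values, the function names are hypothetical, and it assumes /etc/subgid holds the same entries as /etc/subuid.

```python
# Added example: check that each lxc.idmap host range lies inside a range
# delegated to the user in /etc/subuid (u) or /etc/subgid (g). Constructed input.

SUBUID = "lxd:100000:65536\nroot:100000:65536\nheiko:165536:65536\n"
SUBGID = SUBUID  # assumption: the post shows one listing for both files
LXC_CONF = "lxc.idmap = u 0 100000 65536\nlxc.idmap = g 0 100000 65536\n"


def parse_subid(text):
    """Return {user: [(start, count), ...]} from subuid/subgid content."""
    ranges = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, start, count = line.split(":")
        ranges.setdefault(name, []).append((int(start), int(count)))
    return ranges


def parse_idmaps(conf):
    """Return [(kind, container_start, host_start, count)] from lxc.idmap lines."""
    maps = []
    for line in conf.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "lxc.idmap":
            kind, cstart, hstart, count = value.split()
            maps.append((kind, int(cstart), int(hstart), int(count)))
    return maps


def check(conf, subuid, subgid, user):
    """Return a list of problems; an empty list means the maps are consistent."""
    delegated = {"u": parse_subid(subuid).get(user, []),
                 "g": parse_subid(subgid).get(user, [])}
    problems, seen = [], set()
    for kind, cstart, hstart, count in parse_idmaps(conf):
        seen.add(kind)
        if kind not in delegated:
            problems.append(f"unknown map type {kind!r}")
        elif not any(s <= hstart and hstart + count <= s + c
                     for s, c in delegated[kind]):
            problems.append(f"{kind} {hstart}+{count} not delegated to {user}")
    problems += [f"no {k} map" for k in ("u", "g") if k not in seen]
    return problems


if __name__ == "__main__":
    print(check(LXC_CONF, SUBUID, SUBGID, "root") or "idmap consistent")
```

An empty result only shows that the ID ranges agree; it says nothing about other reasons a container may fail to start.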