Re: understanding --idmap for containers (v2.5.0)

On Thursday, April 20, 2017 10:44 AM, Daniel P. Berrange <berrange@xxxxxxxxxx> wrote:

> > indeed the container is using the idmap feature because the
> > effective uid/gid map (900/900) is not allowing writes in the
> > filesystem, but it doesn't seem very useful.
> >
> > is it possible to have read/write containers while using idmap?
>
> You need to change the UIDs in your container's filesystem to be
> offset by 900

yes, that was my first thought but I was unsure if it was the correct way.

running these commands did the trick (not all files are root:root):

# find /media/containers/lab-gentoo-01 -uid 0 -exec chown --no-dereference 900 -- {}  \;
# find /media/containers/lab-gentoo-01 -gid 0 -exec chgrp --no-dereference 900 -- {}  \;

# ls -l /media/containers/lab-gentoo-01/
total 36
-rw-r--r--  1 900 900    0 Apr 20 11:16 a
drwxr-xr-x  2 900 900 4096 Apr 13 07:33 bin
drwxr-xr-x  2 900 900   18 Apr 13 03:28 boot
drwxr-xr-x  7 900 900 4096 Apr 18 12:45 dev
drwxr-xr-x 31 900 900 4096 Apr 18 12:49 etc
drwxr-xr-x  2 900 900   18 Apr 13 03:28 home
lrwxrwxrwx  1 900 900    5 Apr 13 06:13 lib -> lib64
drwxr-xr-x  2 900 900 4096 Apr 13 06:14 lib32
drwxr-xr-x  9 900 900 4096 Apr 13 07:33 lib64
drwxr-xr-x  2 900 900   18 Apr 13 03:28 media
drwxr-xr-x  2 900 900   18 Apr 13 03:28 mnt
drwxr-xr-x  2 900 900   18 Apr 13 03:28 opt
drwxr-xr-x  2 900 900    6 Apr 13 03:18 proc
drwx------  2 900 900   18 Apr 13 03:28 root
drwxr-xr-x  2 900 900   31 Apr 13 07:32 run
drwxr-xr-x  2 900 900 4096 Apr 13 07:36 sbin
drwxr-xr-x  2 900 900   18 Apr 13 03:28 sys
drwxrwxrwt  2 900 900   18 Apr 13 07:36 tmp
drwxr-xr-x 13 900 900 4096 Apr 18 12:49 usr
drwxr-xr-x  9 900 900  102 Apr 13 03:28 var


# virsh --connect lxc:/// start --console lab-gentoo-01
Domain lab-gentoo-01 started
Connected to domain lab-gentoo-01
Escape character is ^]
sh-4.3# /usr/bin/id
uid=0(root) gid=0(root) groups=0(root)
sh-4.3# pwd
/
sh-4.3# ls -la
total 40
drwxr-xr-x  21 root   root   4096 Apr 20 10:36 .
drwxr-xr-x  21 root   root   4096 Apr 20 10:36 ..
-rw-------   1 root   root     45 Apr 20 11:15 .bash_history
drwxr-xr-x   2 root   root      6 Apr 18 13:41 .oldroot
drwxr-xr-x   2 root   root   4096 Apr 13 07:33 bin
drwxr-xr-x   2 root   root     18 Apr 13 03:28 boot
drwxr-xr-x   3 root   root    320 Apr 20 11:15 dev
drwxr-xr-x  31 root   root   4096 Apr 18 12:49 etc
drwxr-xr-x   2 root   root     18 Apr 13 03:28 home
lrwxrwxrwx   1 root   root      5 Apr 13 06:13 lib -> lib64
drwxr-xr-x   2 root   root   4096 Apr 13 06:14 lib32
drwxr-xr-x   9 root   root   4096 Apr 13 07:33 lib64
drwxr-xr-x   2 root   root     18 Apr 13 03:28 media
drwxr-xr-x   2 root   root     18 Apr 13 03:28 mnt
drwxr-xr-x   2 root   root     18 Apr 13 03:28 opt
dr-xr-xr-x 249 nobody nobody    0 Apr 20 11:15 proc
drwx------   2 root   root     18 Apr 13 03:28 root
drwxr-xr-x   2 root   root     31 Apr 13 07:32 run
drwxr-xr-x   2 root   root   4096 Apr 13 07:36 sbin
dr-xr-xr-x  12 nobody nobody    0 Mar 24 23:11 sys
drwxrwxrwt   2 root   root     18 Apr 13 07:36 tmp
drwxr-xr-x  13 root   root   4096 Apr 18 12:49 usr
drwxr-xr-x   9 root   root    102 Apr 13 03:28 var
sh-4.3# touch asdf
sh-4.3#

Thank you Daniel !!
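
The offset rule from the reply above, generalised as an added example (not code from this thread or from libvirt): every owner inside the mapped range moves to target + (id - start), not only uid/gid 0, and mode bits are put back because chown clears setuid/setgid on Linux. The function names are hypothetical, and count=1000 is an assumed map size; the thread only gives the target 900.

```python
import os
import stat
import sys

def shift_id(cid, start, target, count):
    """Host id for container id `cid` under an idmap entry, or None if unmapped."""
    if start <= cid < start + count:
        return target + (cid - start)
    return None

def shift_tree(root, start=0, target=900, count=1000, apply=False):
    """Return (plan, skipped) for every entry under root, root included.

    plan holds (path, new_uid, new_gid); skipped holds paths whose current
    owner or group lies outside the mapped range. apply=True needs root and
    must run once on an unshifted tree: running it again shifts ids again.
    count=1000 is an assumed default, not a value from the thread.
    """
    plan, skipped = [], []
    for dirpath, dirnames, filenames in os.walk(root):
        paths = [os.path.join(dirpath, n) for n in dirnames + filenames]
        if dirpath == root:
            paths.append(root)
        for path in paths:
            st = os.lstat(path)  # never follow symlinks out of the tree
            new_uid = shift_id(st.st_uid, start, target, count)
            new_gid = shift_id(st.st_gid, start, target, count)
            if new_uid is None or new_gid is None:
                skipped.append(path)
                continue
            plan.append((path, new_uid, new_gid))
            if apply:
                os.lchown(path, new_uid, new_gid)
                if not stat.S_ISLNK(st.st_mode):
                    # chown clears setuid/setgid bits on Linux; put them back
                    os.chmod(path, stat.S_IMODE(st.st_mode))
    return plan, skipped

if __name__ == "__main__":
    # Dry run: print what would change for the rootfs given on the command line.
    plan, skipped = shift_tree(sys.argv[1])
    for path, uid, gid in plan:
        print(f"{uid}:{gid} {path}")
    for path in skipped:
        print(f"unmapped, left alone: {path}", file=sys.stderr)
```

Review the dry-run output first; paths reported as unmapped keep their owner and will show up as nobody inside the container.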


