sysbox icon indicating copy to clipboard operation
sysbox copied to clipboard

Published 20 hours ago verified publisher icon nestybox

mismatching subuid and subgids range

Open iasoon opened this issue 3 years ago • 3 comments

After installing from source on latest master (7e221e0f540793277caeeee4b09b14ad4c0970b2), I was hitting the following error: failed to create sysbox-mgr: failed to setup subid allocator: could not find matching subuid and subgids range for user sysbox.

It seems that sysbox-mgr generated two different ranges in /etc/subuid and /etc/subgid - if I understand the code here correctly, the ranges should be identical to be accepted.

So, I think there are a few issues here;

  • sysbox-mgr should not generate mismatching ranges.
  • I could not find this requirement in the documentation or troubleshooting guide.
  • The error message also feels a bit misleading: I interpreted it as that no subuid and subgids ranges were fond matching the user sysbox.

With some directions, I'd be happy to help resolve this!

iasoon avatar Jun 27 '22 20:06 iasoon

Hi @iasoon,

Thanks for giving Sysbox a shot.

Can you post the contents of your host's /etc/subuid and /etc/subgid files?

ctalledo avatar Jun 27 '22 23:06 ctalledo

Hi @ctalledo, sorry about the delay!

/etc/subuid:

iasoon:1000:1
sysbox:1001:65536

/etc/subgid:

iasoon:982:1
sysbox:983:65536

The top line was already present in the file before running the generation. I'm guessing this is what's causing the issue? after changing the subgid range to 1001:65536, sysbox-mgr starts successfully.

iasoon avatar Jun 29 '22 17:06 iasoon

Hi @iasoon,

Thanks for sending the info. A couple of comments:

  1. The sub[uid|gid] range for user sysbox should normally start above 65535. That way, it does not collide with the normal user range (0->65535) in the Linux host. It would still allow you to mount host files into the container, and they will show up with the proper uids inside (see here).

For example, in my host user sysbox is assigned the range starting at 165536, with a size of 65536 (i.e., range 165536 -> 231071).

cesar@whaleux:~$ cat /etc/subuid
cesar:100000:65536
sysbox:165536:65536

cesar@whaleux:~$ cat /etc/subgid
cesar:100000:65536
sysbox:165536:65536
  1. The ranges for user sysbox should be identical in /etc/subuid and /etc/subgid.

Normally, Sysbox configures the /etc/sub[uid|gid] files when it starts. That is, it adds user sysbox to the files if not present, or otherwise checks that the range for that user is configured correctly. The entity that does this is sysbox-mgr, the source code is here.

Hope that helps!

ctalledo avatar Jun 29 '22 18:06 ctalledo