Sysbox doesn't seem to follow /etc/subuid when running a container
Hi all,
I'm running Sysbox 0.6.2 release with docker locally.
I'm currently trying to increase the /etc/subuid subordinate range for sysbox, since I want to try to run Podman inside a system container.
Linux version:
```
$ uname -a
Linux mdev 6.2.0-35-generic #35~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Fri Oct 6 10:23:26 UTC 2 x86_64 x86_64 x86_64 GNU/Linux
```
Output of /etc/subuid and /etc/subgid:
```
$ cat /etc/subuid
mdev:100000:65539
sysbox:165539:100000
$ cat /etc/subgid
mdev:100000:65539
sysbox:165539:100000
```
When running a docker container with the following command:
```
$ docker run --runtime=sysbox-runc -it --rm --name=podman podman:v1
```
And executing inside the container:
```
podman@173ac4d31d89:/$ cat /proc/self/uid_map
0 165539 65536
```
Is this expected, or is there something on my part here that I didn't understand correctly about how it works?
Should the given range inside the container, when I cat /proc/self/uid_map, be 100000 instead of 65536?
I've read the docs and they say that with sysbox-mgr it is possible to change this available range, but I couldn't find the right option for it.
Thanks!
Any updates? :)
Hi @miledevv, apologies for the belated reply.
> Is this expected, or is there something on my part here that I didn't understand correctly about how it works?
Yes, it's expected; Sysbox assigns UIDs to the containers from the range it configures for user sysbox in /etc/subuid. In your scenario, it looks like /etc/subuid is configured for user sysbox as follows:
```
sysbox:165539:100000
```
Therefore, it will map the UIDs in the container as follows:
| Container UID | Host UID |
|---|---|
| 0 | 165539 |
| 1 | 165540 |
| 2 | 165541 |
| .. | |
| 65535 | 231074 |
Note: in the Sysbox Community Edition, it always assigns the same UID range to all containers. Same applies to GIDs.
Hope that helps!
(Closing since question was answered).
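To make the mapping in the table above checkable, here is an added example (not Sysbox project code) that parses an /etc/subuid entry and a container's /proc/self/uid_map, verifies that the container's mapped host range lies inside the subordinate range granted to the sysbox user, and translates container UIDs to host UIDs. The file contents are embedded as constructed samples using the values quoted in this thread, so it runs offline; on a real host you would read /etc/subuid and, from inside the container, /proc/self/uid_map instead.

```python
"""Check a container's uid_map against the host's /etc/subuid allocation.

Added example, not Sysbox code. Parses `name:start:count` lines from
/etc/subuid (or /etc/subgid) and `inside outside count` lines from
/proc/<pid>/uid_map (or gid_map), then checks containment and translates IDs.
"""
from dataclasses import dataclass
from typing import List, Optional

# Constructed samples: the values quoted in the thread above.
SUBUID_SAMPLE = """mdev:100000:65539
sysbox:165539:100000
"""
UID_MAP_SAMPLE = "0 165539 65536\n"


@dataclass(frozen=True)
class IdRange:
    start: int   # first host ID in the range
    count: int   # number of IDs in the range

    @property
    def end(self) -> int:
        # Last host ID of the range, inclusive.
        return self.start + self.count - 1

    def contains(self, other: "IdRange") -> bool:
        return self.start <= other.start and other.end <= self.end


@dataclass(frozen=True)
class MapEntry:
    inside: int    # first ID inside the container's user namespace
    outside: int   # first ID in the parent (host) namespace
    count: int

    @property
    def host_range(self) -> IdRange:
        return IdRange(self.outside, self.count)


def parse_subid(text: str, user: str) -> List[IdRange]:
    """Return the subordinate ranges that /etc/subuid or /etc/subgid grants to `user`.

    Each line is `name:start:count`; a user may have several lines.
    """
    ranges: List[IdRange] = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, start, count = line.split(":")
        if name == user:
            ranges.append(IdRange(int(start), int(count)))
    return ranges


def parse_id_map(text: str) -> List[MapEntry]:
    """Parse /proc/<pid>/uid_map or gid_map: one `inside outside count` triple per line."""
    entries: List[MapEntry] = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue
        inside, outside, count = (int(f) for f in fields)
        entries.append(MapEntry(inside, outside, count))
    return entries


def to_host_id(entries: List[MapEntry], container_id: int) -> Optional[int]:
    """Translate a container ID to its host ID; None if the ID is not mapped at all."""
    for e in entries:
        if e.inside <= container_id < e.inside + e.count:
            return e.outside + (container_id - e.inside)
    return None


def map_fits_subid(entries: List[MapEntry], allowed: List[IdRange]) -> bool:
    """True if every mapped host range lies inside some range granted in /etc/subuid."""
    return all(any(r.contains(e.host_range) for r in allowed) for e in entries)


def main() -> None:
    allowed = parse_subid(SUBUID_SAMPLE, "sysbox")
    entries = parse_id_map(UID_MAP_SAMPLE)
    print("subuid ranges for sysbox:", [(r.start, r.end) for r in allowed])
    print("container uid_map:", entries)
    print("map fits subuid allocation:", map_fits_subid(entries, allowed))
    for uid in (0, 1, 2, 65535, 65536):
        print(f"container UID {uid:>5} -> host UID {to_host_id(entries, uid)}")


if __name__ == "__main__":
    main()
```

With the thread's values, the sysbox user's subordinate range is 165539 through 265538, the container's map covers host UIDs 165539 through 231074 (so it fits), container UID 65535 resolves to host UID 231074 as in the table, and container UID 65536 is unmapped. Swapping in a uid_map that starts at 100000 (the mdev range) makes the containment check fail, which is the kind of mismatch to look for if a container's mapping ever lands outside the range granted to sysbox.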