troubleshooting.md: incorrect number of required subuids in subuid example #18400

Closed
eriksjolund opened this issue May 1, 2023 · 0 comments · Fixed by #18401
Labels
kind/bug Categorizes issue or PR as related to a bug. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.

eriksjolund commented May 1, 2023

Issue Description

The numbers 10001 and 1000001 in troubleshooting.md

podman/troubleshooting.md

Lines 274 to 276 in 0429b68

requires. For example, if the container has a user with UID 10000, ensure you
have at least 10001 subuids, and if the container needs to be run as a user with
UID 1000000, ensure you have at least 1000001 subuids.

should be 10000 and 1000000.

Steps to reproduce the issue

On a Fedora 38 system

  1. create the user test that has 1000000 subuids and 1000000 subgids
  2. log in as test
  3. run commands
    $ grep $USER /etc/subuid
    test:37813730:1000000
    $ grep $USER /etc/subgid
    test:37813730:1000000
    $ podman run --rm -ti --user 1000000 alpine echo hi
    hi
    

The same reproducer fails when I replace 1000000 with 999999.

Describe the results you received

A demo that there is no need for 1000001 subuids and subgids.

It's enough just having 1000000 subuids and subgids.

Describe the results you expected

Describe the results you expected

podman info output

host:
  arch: amd64
  buildahVersion: 1.30.0
  cgroupControllers:
  - cpu
  - io
  - memory
  - pids
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.1.7-2.fc38.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.7, commit: '
  cpuUtilization:
    idlePercent: 99.95
    systemPercent: 0.02
    userPercent: 0.03
  cpus: 16
  databaseBackend: boltdb
  distribution:
    distribution: fedora
    variant: workstation
    version: "38"
  eventLogger: journald
  hostname: asus
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 50162
      size: 1
    - container_id: 1
      host_id: 37744801
      size: 1000000
    uidmap:
    - container_id: 0
      host_id: 50162
      size: 1
    - container_id: 1
      host_id: 37813730
      size: 1000000
  kernel: 6.2.13-300.fc38.x86_64
  linkmode: dynamic
  logDriver: journald
  memFree: 1166626816
  memTotal: 7674777600
  networkBackend: netavark
  ociRuntime:
    name: crun
    package: crun-1.8.4-1.fc38.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 1.8.4
      commit: 5a8fa99a5e41facba2eda4af12fa26313918805b
      rundir: /run/user/50162/crun
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL
  os: linux
  remoteSocket:
    path: /run/user/50162/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.2.0-12.fc38.x86_64
    version: |-
      slirp4netns version 1.2.0
      commit: 656041d45cfca7a4176f6b7eed9e4fe6c11e8383
      libslirp: 4.7.0
      SLIRP_CONFIG_VERSION_MAX: 4
      libseccomp: 2.5.3
  swapFree: 7674523648
  swapTotal: 7674523648
  uptime: 40h 38m 4.00s (Approximately 1.67 days)
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - registry.fedoraproject.org
  - registry.access.redhat.com
  - docker.io
  - quay.io
store:
  configFile: /home/test630/.config/containers/storage.conf
  containerStore:
    number: 0
    paused: 0
    running: 0
    stopped: 0
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /home/test630/.local/share/containers/storage
  graphRootAllocated: 407822663680
  graphRootUsed: 376057163776
  graphStatus:
    Backing Filesystem: xfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 1
  runRoot: /run/user/50162/containers
  transientStore: false
  volumePath: /home/test630/.local/share/containers/storage/volumes
version:
  APIVersion: 4.5.0
  Built: 1681486942
  BuiltTime: Fri Apr 14 17:42:22 2023
  GitCommit: ""
  GoVersion: go1.20.2
  Os: linux
  OsArch: linux/amd64
  Version: 4.5.0


Podman in a container

No

Privileged Or Rootless

None

Upstream Latest Release

Yes

Additional environment details

Additional environment details

Additional information

Additional information like issue happens only occasionally or issue happens with a particular architecture or on a particular setting
@eriksjolund eriksjolund added the kind/bug Categorizes issue or PR as related to a bug. label May 1, 2023
eriksjolund added a commit to eriksjolund/podman that referenced this issue May 1, 2023
Fix incorrect number of required subuids in subuid example.

Fixes: containers#18400

Signed-off-by: Erik Sjölund <[email protected]>
@eriksjolund eriksjolund changed the title troubleshooting.md: incorrect UID numbers in subuid example troubleshooting.md: incorrect number of required subuids in subuid example May 1, 2023
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Aug 25, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 25, 2023
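The off-by-one reported above follows from the shape of the rootless `uidmap` in the `podman info` output: container UID 0 maps to the user's own UID, and container UIDs from 1 upward map onto the subuid range. The following is an added example, not code from the issue or from Podman; the function names `rootless_uid_map`, `map_uid` and `highest_uid` are hypothetical, and the sample values are constructed from the numbers shown in the issue.

```shell
#!/bin/sh
# Added example: model the rootless uidmap layout shown in the issue's
# `podman info` output and check which container UIDs it covers.

# rootless_uid_map USER_UID SUBUID_START SUBUID_COUNT
# Prints uid_map-style lines ("container_id host_id size"), assuming the
# two-range layout from the issue: container 0 -> the user's own UID,
# container 1.. -> the subuid range.
rootless_uid_map() {
    printf '0 %s 1\n' "$1"
    printf '1 %s %s\n' "$2" "$3"
}

# map_uid CONTAINER_UID
# Reads uid_map-style lines on stdin. Prints the host UID that CONTAINER_UID
# maps to, or returns 1 if the UID lies outside every mapped range.
map_uid() {
    awk -v uid="$1" '
        NF == 3 && uid >= $1 && uid < $1 + $3 {
            print $2 + (uid - $1); found = 1; exit
        }
        END { exit found ? 0 : 1 }
    '
}

# highest_uid
# Reads uid_map-style lines on stdin and prints the largest container UID
# covered by any range.
highest_uid() {
    awk 'NF == 3 && $1 + $3 - 1 > max { max = $1 + $3 - 1 }
         END { print max + 0 }'
}

# Constructed input: user UID 50162, subuid range 37813730:1000000.
echo "highest UID with 1000000 subuids: $(rootless_uid_map 50162 37813730 1000000 | highest_uid)"
echo "container UID 1000000 -> host UID $(rootless_uid_map 50162 37813730 1000000 | map_uid 1000000)"

# One subuid fewer: container UID 1000000 is no longer mapped.
rootless_uid_map 50162 37813730 999999 | map_uid 1000000 \
    || echo "container UID 1000000 is unmapped with 999999 subuids"
```

Because container UID 0 is covered by the user's own UID rather than by a subuid, N subuids cover container UIDs up to and including N.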