You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The /etc/subuid and /etc/subgid files format supports both "login name" and "UID" of a user as the value of the first fields. For example:
0:1000000:1000000000
user:1001000000:1000000000
And according to subuid(5) and subgid(5) manpages, using the UID format instead of login name format is recommended:
When large number of entries (10000-100000 or more) are defined in /etc/subuid, parsing performance penalty will become noticeable. In this case it is recommended to use UIDs instead of login names. Benchmarks have shown speed-ups up to 20x.
However, incus fails to create unprivileged containers if subuid/subgid files use the UID-only format.
Steps to reproduce
echo "0:1000000:1000000000" | sudo tee /etc/subuid /etc/subgid
sudo systemctl restart incus.socket
Following error is written to the daemon's log, probably in this step:
level=error msg="Unable to parse system idmap" err="No map found for user"
sudo incus create images:alpine/3.19 test
Fails with following error:
Error: Failed instance creation: Failed creating instance record: Failed initialising instance: Invalid config: No uid/gid allocation configured. In this mode, only privileged containers are supported
Note that step 3 succeeds if you replace 0 with root in step 1.
Information to attach
Output of sudo incus create images:alpine/3.19 test with --debug flag: test.txt
Main daemon log (at /var/log/incus/incusd.log): log.txt
The text was updated successfully, but these errors were encountered:
I have the same issue on Garuda Linux (Arch based) but the /etc/subuid and /etc/subgid files on my host are using the login name format and incus still fails to create unprivileged containers
Launching kalict
Error: Failed creating instance record: Failed initialising instance: Invalid config: No uid/gid allocation configured. In this mode, only privileged containers are supported
stgraber
added a commit
to stgraber/incus
that referenced
this issue
Mar 20, 2024
After switching from LXD to Incus on my Debian 12 system, I encountered the same error. Despite installing Incus, the issue persisted. Eventually, I resolved it by removing the LXD user configurations from /etc/subuid and /etc/subgid. To do so, I retained only the essential line in both files, assuming no additional configurations are present:
Required information
incus info
: Attached:incus-info.txt
Issue description
The
/etc/subuid
and/etc/subgid
files format supports both "login name" and "UID" of a user as the value of the first fields. For example:And according to
subuid(5)
andsubgid(5)
manpages, using the UID format instead of login name format is recommended:However,
incus
fails to create unprivileged containers ifsubuid
/subgid
files use the UID-only format.Steps to reproduce
echo "0:1000000:1000000000" | sudo tee /etc/subuid /etc/subgid
sudo systemctl restart incus.socket
Following error is written to the daemon's log, probably in this step:
sudo incus create images:alpine/3.19 test
Fails with following error:
Note that step 3 succeeds if you replace
0
withroot
in step 1.Information to attach
sudo incus create images:alpine/3.19 test
with--debug
flag:test.txt
log.txt
The text was updated successfully, but these errors were encountered: