Skip to content

rootless docker fails to start when using numeric uids in /etc/subuid #40926

New issue
New issue
Closed
#40948
Closed
rootless docker fails to start when using numeric uids in /etc/subuid#40926
#40948
Labels
area/rootlessRootless Modekind/bugBugs are bugs. The cause may or may not be known at triage time so debugging may be needed.
@NikolausDemmel

Description

@NikolausDemmel
NikolausDemmel
opened on May 7, 2020

Description

I just tried installing rootless docker, and it seems to fail if /etc/subuid doesn't use usernames but instead uids. With numeric uids (as in 20592:3900000:100000) I get this error:

[rootlesskit:parent] error: failed to setup UID/GID map: failed to compute uid/gid map: No subuid ranges found for user "demmeln"

After replacing it with demmeln:3900000:100000 in /etc/subuid (and subgid) I can start the rootless daemon just fine. According to the man page of /etc/subuid numeric uids should be supported and also podman works fine with them.

Output of docker version:

Client: Docker Engine - Community
 Version:           19.03.8
 API version:       1.40
 Go version:        go1.12.17
 Git commit:        afacb8b7f0
 Built:             Wed Mar 11 01:22:56 2020
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          19.03.8
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.12.17
  Git commit:       afacb8b7f0
  Built:            Wed Mar 11 01:30:32 2020
  OS/Arch:          linux/amd64
  Experimental:     true
 containerd:
  Version:          v1.2.13
  GitCommit:        7ad184331fa3e55e52b890ea95e65ba581ae3429
 runc:
  Version:          1.0.0-rc10
  GitCommit:        dc9208a3303feef5b3839f4323d9beb36df0a9dd
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683

Output of docker info:

Client:
 Debug Mode: false

Server:
 Containers: 2
  Running: 0
  Paused: 0
  Stopped: 2
 Images: 1
 Server Version: 19.03.8
 Storage Driver: vfs
 Logging Driver: json-file
 Cgroup Driver: none
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 7ad184331fa3e55e52b890ea95e65ba581ae3429
 runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd
 init version: fec3683
 Security Options:
  seccomp
   Profile: default
  rootless
 Kernel Version: 5.3.0-51-generic
 Operating System: Ubuntu 18.04.4 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 12
 Total Memory: 62.44GiB
 Name: atcremers83
 ID: XMTU:VR3S:4QUF:3ZMX:LAEK:N6AU:K47O:4G7T:MAUL:EWL3:SI5M:MUVH
 Docker Root Dir: /usr/wiss/demmeln/bionic/.local/share/docker
 Debug Mode: false
 Username: nikolausdemmel
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: true
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false
 Product License: Community Engine

WARNING: No swap limit support

Metadata

Metadata

Assignees

No one assigned

    Labels

    area/rootlessRootless Modekind/bugBugs are bugs. The cause may or may not be known at triage time so debugging may be needed.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions