[pkg-lxc-devel] Bug#959926: lxc-templates: Unprivileged Debian container can also be created by mmdebstrap --mode=unshare

Ryutaroh Matsumoto ryutaroh at ict.e.titech.ac.jp
Thu May 7 05:08:05 BST 2020 

Package: lxc-templates
Version: 3.0.4-3
Severity: minor
Tags: patch

Dear Maintainer,

Dear Maintainer,

Running "lxc-create" by a non-root user gives:

$ lxc-create -t debian -n test-container -- -r buster 
This template can't be used for unprivileged containers.
You may want to try the "download" template instead.

This error message is a bit misleading, as we can also create unprivileged Debian containers
by mmdebstrap --mode=unshare.

A proposed patch is attached.

Best regards, Ryutaroh Matsumoto


-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.6.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=ja_JP.UTF-8, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8), LANGUAGE=ja_JP.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages lxc-templates depends on:
ii  lxc  1:4.0.2-1~1

Versions of packages lxc-templates recommends:
ii  bridge-utils                     1.6-3
pn  busybox-static                   <none>
pn  cloud-image-utils | cloud-utils  <none>
ii  debootstrap                      1.0.123
ii  openssl                          1.1.1g-1
ii  rsync                            3.1.3-8
pn  uuid-runtime                     <none>
ii  xz-utils                         5.2.4-1+b1

lxc-templates suggests no packages.

-- no debconf information
-------------- next part --------------
--- /usr/share/lxc/templates/lxc-debian	2020-04-19 18:59:35.000000000 +0900
+++ lxc-debian	2020-05-07 12:57:03.148065038 +0900
@@ -26,6 +26,8 @@
     if [ "$arg" = "--mapped-uid" -o "$arg" = "--mapped-gid" ]; then
         echo "This template can't be used for unprivileged containers." 1>&2
         echo "You may want to try the \"download\" template instead." 1>&2
+        echo "You can also use mmdebstrap --mode=unshare, and an example is found at" 1>&2
+        echo "https://wiki.debian.org/LXC#Unprivileged_Debian_container_by_mmdebstrap_--mode.3Dunshare" 1>&2
         exit 1
     fi
 done

More information about the Pkg-lxc-devel mailing list