Sysbox doesn't seem to follow /etc/subuid when running a container #740

Open
miladin-dev opened this issue Oct 24, 2023 · 3 comments
Labels
question Further information is requested

Comments

@miladin-dev

Hi all,

I'm running the Sysbox 0.6.2 release with Docker locally.
I'm currently trying to increase the /etc/subuid subordinate range for sysbox, since I want to try to run Podman inside a system container.

Linux version:

```
$ uname -a
Linux mdev 6.2.0-35-generic #35~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Fri Oct  6 10:23:26 UTC 2 x86_64 x86_64 x86_64 GNU/Linux
```

Output of /etc/subuid and /etc/subgid

```
$ cat /etc/subuid
mdev:100000:65539
sysbox:165539:100000
$ cat /etc/subgid
mdev:100000:65539
sysbox:165539:100000
```

When running a Docker container with the following command:

```
$ docker run --runtime=sysbox-runc -it --rm --name=podman podman:v1
```

And executing inside the container:

```
podman@173ac4d31d89:/$ cat /proc/self/uid_map
         0     165539      65536
```

Is this expected or there's something on my part here which I didn't understand correctly how it works?
Should the range shown inside the container by cat /proc/self/uid_map be 100000 instead of 65536?
I've read the docs, and they say that with sysbox-mgr it is possible to change this available range, but I couldn't find the right option for it.

Thanks!

@miladin-dev
Author

Any updates? :)

@ctalledo
Member

Hi @miledevv, apologies for the belated reply.

> Is this expected or there's something on my part here which I didn't understand correctly how it works?

Yes, it's expected; Sysbox assigns UIDs to the containers from the range it configures for user sysbox in /etc/subuid. In your scenario, looks like /etc/subuid is configured for user sysbox as follows:

```
sysbox:165539:100000
```

Therefore, it will map the UIDs in the container as follows:

| Container UID | Host UID |
| --- | --- |
| 0 | 165539 |
| 1 | 165540 |
| 2 | 165541 |
| .. | .. |
| 65535 | 231074 |

Note: in the Sysbox Community Edition, it always assigns the same UID range to all containers. Same applies to GIDs.

Hope that helps!
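The mapping described in the reply above, worked through in Python as an added example that is not part of the original thread or of Sysbox's code. It uses the `/etc/subuid` and `uid_map` values posted in the issue; the function names are hypothetical. It shows that the container's map covers 65536 of the 100000 IDs allotted to `sysbox`, so container UIDs from 65536 upward have no host mapping.

```python
# Values copied from the issue above.
SUBUID = "mdev:100000:65539\nsysbox:165539:100000\n"
UID_MAP = "         0     165539      65536\n"


def parse_subuid(text):
    """Return {user: [(start, count), ...]} from /etc/subuid-style text."""
    ranges = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, start, count = line.split(":")
        ranges.setdefault(user, []).append((int(start), int(count)))
    return ranges


def parse_uid_map(text):
    """Return [(inside_start, outside_start, length)] from uid_map text."""
    return [tuple(int(f) for f in line.split())
            for line in text.splitlines() if line.strip()]


def to_host_uid(uid_map, container_uid):
    """Translate a container UID to its host UID, or None if unmapped."""
    for inside, outside, length in uid_map:
        if inside <= container_uid < inside + length:
            return outside + (container_uid - inside)
    return None


def unused_subuids(ranges, uid_map):
    """IDs in the subordinate ranges that the uid_map does not use.

    Raises ValueError if an extent maps host IDs outside every range,
    which would mean the container touches IDs the user was never granted.
    """
    used = 0
    for _, outside, length in uid_map:
        if not any(s <= outside and outside + length <= s + c
                   for s, c in ranges):
            raise ValueError(f"extent {outside}+{length} is outside subuid")
        used += length
    return sum(c for _, c in ranges) - used


if __name__ == "__main__":
    m = parse_uid_map(UID_MAP)
    for uid in (0, 1, 65535, 65536):
        print(uid, "->", to_host_uid(m, uid))
    print("unused:", unused_subuids(parse_subuid(SUBUID)["sysbox"], m))
```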

ctalledo added the "question" (Further information is requested) label on Nov 15, 2023
@ctalledo
Member

(Closing since question was answered).
