Could not find records for the current user ... from /etc/subgid
gabrieldemarmiesse opened this issue · 1 comments
gabrieldemarmiesse commented
Hello,
I am following this article:
https://engineering.docker.com/2019/02/experimenting-with-rootless-docker/
and I could not get to install docker in rootless mode. Here is what I tried:
[dummy_user@jaguar ~]$ curl -sSL https://get.docker.com/rootless | sh
# Missing system requirements. Please run following commands to
# install the requirements and run this installer again.
# Alternatively iptables checks can be disabled with SKIP_IPTABLES=1
cat <<EOF | sudo sh -x
curl -o /etc/yum.repos.d/vbatts-shadow-utils-newxidmap-epel-7.repo https://copr.fedorainfracloud.org/coprs/vbatts/shadow-utils-newxidmap/repo/epel-7/vbatts-shadow-utils-newxidmap-epel-7.repo
yum install -y shadow-utils46-newxidmap
cat <<EOT > /etc/sysctl.d/51-rootless.conf
user.max_user_namespaces = 28633
EOT
sysctl --system
EOF
[dummy_user@jaguar ~]$ exit
[root@jaguar shared_account]# cat <<EOF | sudo sh -x
> curl -o /etc/yum.repos.d/vbatts-shadow-utils-newxidmap-epel-7.repo https://copr.fedorainfracloud.org/coprs/vbatts/shadow-utils-newxidmap/repo/epel-7/vbatts-shadow-utils-newxidmap-epel-7.repo
> yum install -y shadow-utils46-newxidmap
> cat <<EOT > /etc/sysctl.d/51-rootless.conf
> user.max_user_namespaces = 28633
> EOT
> sysctl --system
> EOF
+ curl -o /etc/yum.repos.d/vbatts-shadow-utils-newxidmap-epel-7.repo https://copr.fedorainfracloud.org/coprs/vbatts/shadow-utils-newxidmap/repo/epel-7/vbatts-shadow-utils-newxidmap-epel-7.repo
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 382 100 382 0 0 336 0 0:00:01 0:00:01 --:--:-- 336
+ yum install -y shadow-utils46-newxidmap
Failed to set locale, defaulting to C
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: centos.quelquesmots.fr
* epel: fr2.rpmfind.net
* extras: centos.crazyfrogs.org
* ius: mirror.amsiohosting.net
* updates: centos.mirror.fr.planethoster.net
vbatts-shadow-utils-newxidmap | 3.0 kB 00:00:00
vbatts-shadow-utils-newxidmap/x86_64/primary_db | 6.1 kB 00:00:00
Resolving Dependencies
--> Running transaction check
---> Package shadow-utils46-newxidmap.x86_64 2:4.6-4.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=============================================================================================================================================================
Package Arch Version Repository Size
=============================================================================================================================================================
Installing:
shadow-utils46-newxidmap x86_64 2:4.6-4.el7 vbatts-shadow-utils-newxidmap 55 k
Transaction Summary
=============================================================================================================================================================
Install 1 Package
Total download size: 55 k
Installed size: 78 k
Downloading packages:
warning: /var/cache/yum/x86_64/7/vbatts-shadow-utils-newxidmap/packages/shadow-utils46-newxidmap-4.6-4.el7.x86_64.rpm: Header V3 RSA/SHA1 Signature, key ID 86062069: NOKEY
Public key for shadow-utils46-newxidmap-4.6-4.el7.x86_64.rpm is not installed
shadow-utils46-newxidmap-4.6-4.el7.x86_64.rpm | 55 kB 00:00:01
Retrieving key from https://copr-be.cloud.fedoraproject.org/results/vbatts/shadow-utils-newxidmap/pubkey.gpg
Importing GPG key 0x86062069:
Userid : "vbatts_shadow-utils-newxidmap (None) <vbatts#shadow-utils-newxidmap@copr.fedorahosted.org>"
Fingerprint: c3d6 a7a0 ec6c 0d68 b33d 9e58 b2b2 93f9 8606 2069
From : https://copr-be.cloud.fedoraproject.org/results/vbatts/shadow-utils-newxidmap/pubkey.gpg
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : 2:shadow-utils46-newxidmap-4.6-4.el7.x86_64 1/1
Verifying : 2:shadow-utils46-newxidmap-4.6-4.el7.x86_64 1/1
Installed:
shadow-utils46-newxidmap.x86_64 2:4.6-4.el7
Complete!
+ cat
+ sysctl --system
* Applying /usr/lib/sysctl.d/00-system.conf ...
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
* Applying /usr/lib/sysctl.d/10-default-yama-scope.conf ...
kernel.yama.ptrace_scope = 0
* Applying /usr/lib/sysctl.d/50-default.conf ...
kernel.sysrq = 16
kernel.core_uses_pid = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
* Applying /etc/sysctl.d/51-rootless.conf ...
user.max_user_namespaces = 28633
* Applying /usr/lib/sysctl.d/60-libvirtd.conf ...
fs.aio-max-nr = 1048576
* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /etc/sysctl.conf ...
[root@jaguar shared_account]# su dummy_user
[dummy_user@jaguar shared_account]$ curl -sSL https://get.docker.com/rootless | sh
Could not find records for the current user dummy_user from /etc/subuid . Please make sure valid subuid range is set there.
For example:
echo "dummy_user:100000:65536" >> /etc/subuid
[dummy_user@jaguar shared_account]$ echo "dummy_user:100000:65536" >> /etc/subuid
bash: /etc/subuid: Permission denied
[dummy_user@jaguar shared_account]$ exit
[root@jaguar shared_account]# echo "dummy_user:100000:65536" >> /etc/subuid
[root@jaguar shared_account]# su dummy_user
[dummy_user@jaguar shared_account]$ curl -sSL https://get.docker.com/rootless | sh
Could not find records for the current user dummy_user from /etc/subgid . Please make sure valid subuid range is set there.
For example:
echo "dummy_user:100000:65536" >> /etc/subgid
[dummy_user@jaguar shared_account]$
I use CentOS.
CentOS Linux release 7.6.1810 (Core)
I you need me to try anything else or to give more info, please let me know.
And thanks for making Docker!
gabrieldemarmiesse commented
My bad, I didn't notice I had to do it for the subuid and subgid. It wasn't the same message. Everything is working now :)