Talk:LXC

Unprivileged containers section confusing
The section about unprivileged containers is confusing: the author creates an "lxc" user and adds subuids/subgids for that user, but in fact it seems he's creating/starting the container from a root prompt...

If there's no need to give a user permissions to create/start containers, you don't need to create any lxc user in order to create/start an unprivileged container.

All you need to do is create subuids/subgids for the root user, add lxc.id_map parameters to the container's config and create/start the container as root.

Moreover, using subuids/subgids 100000-165536 didn't work on my hardened box, but 10000-65536 did. — The preceding unsigned comment was added by Skunk (talk • contribs) 22 February 2016


 * Answer - right. With the latest edit this issue is fixed. — The preceding unsigned comment was added by Feniksa (talk • contribs) September 12, 2016
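
Added example (not part of the comments above or of the wiki page): a small Python check of the setup discussed in this thread, verifying that every lxc.id_map line in a container config maps onto a range delegated to root in /etc/subuid and /etc/subgid. The sample file contents and all function names are constructed for illustration; the lxc.idmap spelling is accepted as well because that is the key's name from LXC 2.1 on.

```python
import re

# Constructed sample inputs, not taken from the wiki page.
SUBID = "root:100000:65536\n"
CONFIG = "lxc.id_map = u 0 100000 65536\nlxc.id_map = g 0 100000 65536\n"

# lxc.id_map = <u|g> <first id in container> <first id on host> <count>
ID_MAP = re.compile(r"^\s*lxc\.id_?map\s*=\s*([ug])\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

def parse_subid(text):
    """Parse /etc/subuid or /etc/subgid text into {owner: [(start, count)]}."""
    ranges = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 3:
            continue  # skip blanks, comments and malformed lines
        owner, start, count = fields
        if start.isdigit() and count.isdigit():
            ranges.setdefault(owner, []).append((int(start), int(count)))
    return ranges

def parse_id_maps(config):
    """Return (kind, host_start, count) for every id map line in an LXC config."""
    found = (ID_MAP.match(line) for line in config.splitlines())
    return [(m.group(1), int(m.group(3)), int(m.group(4))) for m in found if m]

def check(config, subuid, subgid, owner="root"):
    """Return a list of problems; an empty list means the maps are consistent."""
    delegated = {"u": parse_subid(subuid).get(owner, []),
                 "g": parse_subid(subgid).get(owner, [])}
    maps = parse_id_maps(config)
    problems = []
    for kind in "ug":
        # Without a map for this id type the container uses host ids directly.
        if not any(m[0] == kind for m in maps):
            problems.append(f"no '{kind}' map: container ids are host ids")
    for kind, host, count in maps:
        # The mapped host range must sit entirely inside one delegated range.
        if not any(s <= host and host + count <= s + c for s, c in delegated[kind]):
            problems.append(f"'{kind}' map {host}:{count} not delegated to {owner}")
    return problems

if __name__ == "__main__":
    for problem in check(CONFIG, SUBID, SUBID) or ["id maps match the delegated ranges"]:
        print(problem)
```
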

Is "MAJOR temporary problems with LXC" section still needed?
From what I understand from the linked page, user namespaces are now fully implemented and unprivileged containers are now safe. Couldn't we replace this section with a short description of privileged and unprivileged containers?

Vdupras (talk) 15:27, 8 December 2017 (UTC)

cgmanager deprecated
The cgmanager has become deprecated (see https://github.com/lxc/cgmanager). It is also not working anymore with current systemd builds: https://github.com/lxc/cgmanager/issues/32 https://github.com/lxc/lxc/issues/1554 As a workaround, the use of the PAM module which ships with LXCFS is suggested, but it looks like this does not work with the current ebuilds of Gentoo.

configuration files outdated
The configuration options on this page are outdated as of lxc 2.1.1