Talk:LXC

The section about unprivileged containers is confusing: the author creates an "lxc" user and adds subuids/subgids for that user, but in fact it seems he's creating/starting the container from a root prompt...

If there's no need to give a user permission to create/start containers, you don't need to create any lxc user in order to create/start an unprivileged container.

All you need to do is create subuids/subgids for the root user, add lxc.id_map parameters to the container's config and create/start the container as root.

Moreover, using subuids/subgids 100000-165536 didn't work on my hardened box, but 10000-65536 did.

--- Answer - right. With the latest edit, this issue is fixed.
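
The mismatch raised in the first comment (subuids/subgids assigned to an "lxc" user while the container is started as root) can be checked mechanically. The following is an added example, not part of the original discussion or of LXC itself: it compares the lxc.id_map lines of a container config with the ranges assigned to a given user in /etc/subuid and /etc/subgid. The file contents and the function names are constructed for illustration, and it assumes each mapping must fit inside a single assigned range.

```python
# Added example: consistency check between lxc.id_map and subuid/subgid.
# All file contents below are constructed samples, not taken from a real host.
SUBID_LXC_ONLY = "lxc:100000:65536\n"
SUBID_WITH_ROOT = "lxc:100000:65536\nroot:100000:65536\n"
CONFIG = """\
lxc.utsname = demo
lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536
"""

def parse_subid(text, user):
    """Return [(start, count)] for `user` from /etc/subuid-style text."""
    ranges = []
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) == 3 and parts[0] == user:
            ranges.append((int(parts[1]), int(parts[2])))
    return ranges

def parse_id_map(config):
    """Return [(kind, host_id, count)] for every lxc.id_map line."""
    maps = []
    for line in config.splitlines():
        key, _, value = line.partition("=")
        if key.strip() == "lxc.id_map":
            kind, _container_id, host_id, count = value.split()
            maps.append((kind, int(host_id), int(count)))
    return maps

def check_id_map(config, subuid, subgid, user="root"):
    """Return a list of problems; an empty list means all maps are covered."""
    allowed = {"u": parse_subid(subuid, user), "g": parse_subid(subgid, user)}
    problems = []
    for kind, host_id, count in parse_id_map(config):
        if kind not in allowed:
            problems.append(f"unknown map type {kind!r}")
            continue
        # Assumption: the mapped host range must fit inside one assigned range.
        if not any(s <= host_id and host_id + count <= s + c
                   for s, c in allowed[kind]):
            problems.append(f"{kind} {host_id}+{count} not assigned to {user}")
    return problems

if __name__ == "__main__":
    # Ranges exist only for "lxc", but the container is started as root.
    print(check_id_map(CONFIG, SUBID_LXC_ONLY, SUBID_LXC_ONLY))
    # Ranges also assigned to root: nothing to report.
    print(check_id_map(CONFIG, SUBID_WITH_ROOT, SUBID_WITH_ROOT))
```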