Talk:LXC

The section about unprivileged containers is confusing: the author creates an "lxc" user and adds subuids/subgids for that user, but in fact it seems to create/start the container from a root prompt...

If there's no need to give a user permissions to create/start containers, you don't need to create any lxc user in order to create/start an unprivileged container.

All you need to do is create subuids/subgids for the root user, add lxc.id_map parameters to the container's config and create/start the container as root.

Note: using subuids/subgids 100000-165536 didn't work on my hardened box, but 10000-65536 did.
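
A check for the root-owned setup described in the comment above, added here as an example (it is not part of the original comment or of the wiki's own instructions): it verifies that every `lxc.id_map` line in a container config falls inside a range delegated to root in the subuid/subgid files. The function name `check_idmap`, the file names and the ID ranges are constructed for illustration; the formats assumed are `name:start:count` for subuid/subgid and `lxc.id_map = <u|g> <container-start> <host-start> <count>` (the newer spelling `lxc.idmap` is also accepted).

```shell
#!/bin/sh
# check_idmap CONFIG SUBUID_FILE SUBGID_FILE [USER]
# Returns 0 only if CONFIG has id-map lines and each one maps onto a host
# range delegated to USER (default: root). A config without any id-map
# line is reported too, because such a container is not unprivileged.
check_idmap() {
    cfg=$1 subuid=$2 subgid=$3 user=${4:-root}
    awk -v user="$user" -v uf="$subuid" -v gf="$subgid" '
    # Load the delegations of "user" from a subuid/subgid style file.
    function load(file, kind,   line, f) {
        while ((getline line < file) > 0)
            if (split(line, f, ":") == 3 && f[1] == user) {
                n[kind]++
                lo[kind, n[kind]] = f[2] + 0
                hi[kind, n[kind]] = f[2] + f[3] - 1
            }
        close(file)
    }
    BEGIN { load(uf, "u"); load(gf, "g") }
    /^[ \t]*lxc\.id_?map[ \t]*=/ {
        sub(/^[^=]*=[ \t]*/, "")          # keep "<kind> <ct> <host> <count>"
        kind = $1; first = $3 + 0; last = $3 + $4 - 1
        found++; ok = 0
        for (i = 1; i <= n[kind]; i++)
            if (first >= lo[kind, i] && last <= hi[kind, i]) ok = 1
        if (!ok) { printf "not delegated: %s %d-%d\n", kind, first, last; bad++ }
    }
    END {
        if (!found) print "no id_map lines found"
        exit ((bad || !found) ? 1 : 0)
    }' "$cfg"
}

# Constructed sample data (not taken from the page).
d=$(mktemp -d)
printf 'root:100000:65536\n' > "$d/subuid"
printf 'root:100000:65536\n' > "$d/subgid"
printf 'lxc.id_map = u 0 100000 65536\nlxc.id_map = g 0 100000 65536\n' > "$d/good.conf"
printf 'lxc.id_map = u 0 200000 65536\nlxc.id_map = g 0 100000 65536\n' > "$d/bad.conf"
check_idmap "$d/good.conf" "$d/subuid" "$d/subgid" && echo "good.conf: ok"
check_idmap "$d/bad.conf" "$d/subuid" "$d/subgid" || echo "bad.conf: mismatch"
```

On a real host the arguments would be the container's config file, `/etc/subuid` and `/etc/subgid`.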