Talk:LXC

Unprivileged containers section confusing

the section about unprivileged containers is confusing, the author creates an "lxc" user and adds subuids/subgids for that user but in fact it seems he's creating/starting the container from a root prompt...

if there's no needs to give a user permissions to create/start containers, you don't need to create any lxc user in order to create/start an unprivileged container.

all what you need to do is to create subuids/subgids for the root user, add lxc.id_map parameters to container's config and create/start the container as root.

moreover, using subuids/subgids 100000-165536 didn't work on my hardened box, but 10000-65536 did. — The preceding unsigned comment was added by Skunk (talk • contribs) 22 February 2016‎

Answer - right. With latest edit - this issue are fixed — The preceding unsigned comment was added by Feniksa (talk • contribs) September 12, 2016‎

Is "MAJOR temporary problems with LXC" section still needed?

From what I understand from the linked page, user namespaces are now fully implemented and unprivileged containers are now safe. Couldn't we replace this section with a short description of privileged and unprivileged containers?

Vdupras (talk) 15:27, 8 December 2017 (UTC)

Answer - I renamed it to something less scary and got rid of the obsolete links. Rage (talk) 01:20, 15 June 2018 (UTC)

cgmanager deprecated

The cgmanager has become deprecated (see https://github.com/lxc/cgmanager). It is also not working anymore with current systemd builds: https://github.com/lxc/cgmanager/issues/32 https://github.com/lxc/lxc/issues/1554 As workaround the use of the pam module which ships with LXCFS is suggested, but it looks like this does not work with the current ebuilds of gentoo.