[lxc-users] Running an unprivileged container through systemd as root rather than as a user

John da_audiophile at yahoo.com
Mon Jan 9 14:49:28 UTC 2017


I would like to call the systemd unit lxc@.service to run an unprivileged container that I created as the root user rather than as a system user. Does doing so present any security concerns?

For reference, I created the container like this:


1) Added the following to /etc/lxc/default.conf:
 lxc.id_map = u 0 100000 65536
 lxc.id_map = g 0 100000 65536
2) Created /etc/subgid and /etc/subuid (both 644) that both contain the following line:
 root:100000:65536
3) As root, ran `lxc-create -n unprivileged -t download`
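
An added example, not part of the original post: a consistency check that the `lxc.id_map` entries from step 1 fall inside the ranges delegated to root in `/etc/subuid` and `/etc/subgid` from step 2, and that host id 0 is not mapped into the container. The function names are hypothetical and the sample inputs are constructed from the values quoted in the post.

```python
# Constructed sample inputs, using the values quoted in the post.
LXC_CONF = "lxc.id_map = u 0 100000 65536\nlxc.id_map = g 0 100000 65536\n"
SUBUID = "root:100000:65536\n"
SUBGID = "root:100000:65536\n"

def parse_id_maps(conf_text):
    """Yield (kind, container_start, host_start, count) per lxc.id_map line."""
    for line in conf_text.splitlines():
        key, _, value = line.split("#", 1)[0].partition("=")
        if key.strip() == "lxc.id_map":
            kind, cstart, hstart, count = value.split()
            yield kind, int(cstart), int(hstart), int(count)

def parse_subids(text, user):
    """Return [(start, count)] delegated to `user` in subuid/subgid text."""
    out = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 3 and fields[0] == user:
            out.append((int(fields[1]), int(fields[2])))
    return out

def check_maps(conf_text, subuid_text, subgid_text, user="root"):
    """Return a list of problems; an empty list means the maps are consistent."""
    delegated = {"u": parse_subids(subuid_text, user),
                 "g": parse_subids(subgid_text, user)}
    problems, seen = [], set()
    for kind, cstart, hstart, count in parse_id_maps(conf_text):
        if kind not in delegated:
            problems.append(f"unknown map type {kind!r}")
            continue
        seen.add(kind)
        hend = hstart + count  # exclusive end of the host-side range
        if hstart == 0:
            problems.append(f"{kind}: host id 0 is mapped into the container")
        if not any(s <= hstart and hend <= s + c for s, c in delegated[kind]):
            problems.append(f"{kind}: host range {hstart}-{hend - 1} "
                            f"is not delegated to {user}")
    for kind in sorted(set(delegated) - seen):
        problems.append(f"{kind}: no lxc.id_map entry for this id type")
    return problems

if __name__ == "__main__":
    print(check_maps(LXC_CONF, SUBUID, SUBGID) or "id maps match subuid/subgid")
```

To check a real host, pass the contents of `/etc/lxc/default.conf`, `/etc/subuid` and `/etc/subgid` instead of the constructed strings.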

