How to manage a container's snapshots from the container itself?

I would like to have a way to create/list/delete/restore container snapshots from a container itself. That way I can give access to the container to someone else, including the ability to use snapshots.

This could be done by having a “snapshots” daemon running on the host, and a corresponding client tool in each container. The daemon could identify each client container from its ip address. I wonder if there is a tool like this already.

I am not sure there is already such a service that can provide a subset of the functionality of LXD.

I think there was a discussion or feature request on adding fine-grained access controls (or user management) to the access of the LXD socket. Sorry, I cannot find that at this moment.

Having said that, you can use the following to provide full access to LXD to specific containers,