I would like to have a way to create/list/delete/restore container snapshots from a container itself. That way I can give access to the container to someone else, including the ability to use snapshots.
This could be done by having a “snapshots” daemon running on the host, and a corresponding client tool in each container. The daemon could identify each client container from its ip address. I wonder if there is a tool like this already.
I am not sure there is already such a service that can provide a subset of the functionality of LXD.
I think there was a discussion or feature request on adding fine-grained access controls (or user management) to the access of the LXD socket. Sorry, I cannot find that at this moment.
Having said that, you can use the following to provide full access to LXD to specific containers, https://blog.simos.info/how-to-manage-lxd-from-within-one-of-its-containers/