Thanks!
My use case is to use the container to run an application under development, but use the editor/git/etc. on my host OS. My hope is that I can simply not worry about security related to whatever dependencies the application has. In order to do this efficiently, the project files (that I’m editing) need to be owned by my host OS user account, and the application itself may need to edit them too (unfortunately; actually now that I write this I realize trying to get rid of this requirement may be the way to go).
To talk more specifically about the mounting/mapping, I understand the general concept of mount points and the guest OS not being able to simply change the source of the mount to a different location. What I’m missing is exactly what extra permissions the suggested uid mappings give. My (possibly incorrect) understanding is that some of LXC’s security is derived by it not actually using the real root uid/user’s uid, and instead using subuids to run the container’s processes, and I further assumed that it can’t run processes or otherwise gain the privileges of the non-sub uid accounts. Does this mapping theoretically give the container the ability to run processes as uid 1000? Am I thinking about this wrong?
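To make the uid-mapping question concrete, here is an added example (not part of the original post, and not LXC's own code) that resolves each container uid to the host uid it runs as and flags map entries that point outside the delegated subuid range. The post does not show the suggested mappings, so the `lxc.idmap` lines and the subuid range below are constructed, and the function names are hypothetical.

```python
# Added example: translate container uids to host uids through an
# lxc.idmap-style map. All sample values are constructed for illustration.

SAMPLE_IDMAP = """\
lxc.idmap = u 0 100000 1000
lxc.idmap = u 1000 1000 1
lxc.idmap = u 1001 101001 64535
"""
SAMPLE_SUBUID = (100000, 65536)  # constructed /etc/subuid range: start, count


def parse_idmap(text, kind="u"):
    """Return (container_start, host_start, count) for 'u' (uid) or 'g' (gid) lines."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blanks
        if not line.startswith("lxc.idmap"):
            continue
        fields = line.split("=", 1)[1].split()
        if len(fields) != 4:
            raise ValueError(f"malformed idmap line: {line!r}")
        if fields[0] == kind:
            entries.append(tuple(int(f) for f in fields[1:]))
    return entries


def to_host_uid(entries, container_uid):
    """Host uid that a container uid resolves to, or None if it is unmapped."""
    for c_start, h_start, count in entries:
        if c_start <= container_uid < c_start + count:
            return h_start + (container_uid - c_start)
    return None


def outside_subuid(entries, subuid):
    """Entries whose host range is not fully inside the delegated subuid range."""
    sub_start, sub_count = subuid
    sub_end = sub_start + sub_count
    return [e for e in entries if e[1] < sub_start or e[1] + e[2] > sub_end]


if __name__ == "__main__":
    uid_map = parse_idmap(SAMPLE_IDMAP)
    for cuid in (0, 1000, 1001, 70000):
        print(f"container uid {cuid} -> host uid {to_host_uid(uid_map, cuid)}")
    print("entries outside subuid range:", outside_subuid(uid_map, SAMPLE_SUBUID))
```

In the constructed map, container root resolves to an unprivileged subuid, while the single-id entry makes container uid 1000 the same identity as host uid 1000 for anything the container can reach.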