I installed lxc on a Debian bullseye server.
apt install lxc
I want to run all my containers (Debian bullseye ones) unprivileged.
I followed this guide https://salsa.debian.org/lxc-team/lxc/-/blob/debian/1%254.0.6-2/debian/README.Debian#L33
As root on host I tested:
sysctl kernel.unprivileged_userns_clone returns 1
I took the ids as user on host:
grep nonrootusername /etc/subuid /etc/subgid
As root on host I did:
nonrootusername veth lxcbr0 10
As user on host I did:
lxc.include = /etc/lxc/default.conf
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
lxc.mount.auto = proc:mixed sys:ro cgroup:mixed
lxc.apparmor.profile = unconfined
Since I am using Debian bullseye as host, I read I could use the unpriv commands.
But I realize that as user on host when I do
lxc-unpriv-start -n MyUnprivilegedContainer
It is never reading my user /.config/lxc/default.conf file
I realize this non root user config file is never read because if I put random characters inside, the containers still start without issue. If I do the same with the /etc/lxc/default.conf file it crashes.
I tried to find the answers in documentation https://linuxcontainers.org/lxc/getting-started/#LXC but I didn’t find where the unpriv (lxc-unpriv-start, and so on…) commands are explained.
Could you please help me out with how to deal correctly with lxc in my case?
I finally realized the non root user conf file is located here on host:
I don’t know if it is specific to the lxc-unpriv-start way to use the container on debian bullseye?
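
The setup steps in the post depend on the `lxc.idmap` lines matching the range that `/etc/subuid` and `/etc/subgid` delegate to the user. The following is an added example, not part of the original post or of the LXC project, that checks this; the function name `check_idmap` and the sample subuid range are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): check that every lxc.idmap line
# of one kind (u or g) stays inside the range delegated to a user.

# check_idmap USER KIND SUBID_FILE CONF_FILE
# Returns 0 if all matching idmap lines fit, 1 if one does not or none exist.
check_idmap() {
    user=$1 kind=$2 subid_file=$3 conf=$4
    # First delegated range for the user; file format is "name:start:count".
    range=$(awk -F: -v u="$user" '$1 == u { print $2, $3; exit }' "$subid_file")
    [ -n "$range" ] || { echo "no range for $user in $subid_file" >&2; return 1; }
    set -- $range
    awk -v k="$kind" -v s="$1" -v c="$2" '
        # Matches "lxc.idmap = u 0 100000 65536", tolerating spaces around "=".
        /^[ \t]*lxc\.idmap[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, "")
            split($0, f, /[ \t]+/)
            if (f[1] != k) next
            seen = 1
            host = f[3] + 0; n = f[4] + 0      # first host id, ids mapped
            if (host < s + 0 || host + n > s + c) {
                print "out of range: lxc.idmap = " $0
                bad = 1
            }
        }
        END { exit (bad || !seen) }
    ' "$conf"
}

# Demo on constructed files (the subuid range here is an assumed sample).
demo_dir=$(mktemp -d)
printf 'nonrootusername:100000:65536\n' > "$demo_dir/subuid"
printf 'lxc.idmap = u 0 100000 65536\n' > "$demo_dir/good.conf"
printf 'lxc.idmap = u 0 165536 65536\n' > "$demo_dir/bad.conf"
for name in good.conf bad.conf; do
    if check_idmap nonrootusername u "$demo_dir/subuid" "$demo_dir/$name"; then
        echo "$name: idmap fits the delegated range"
    else
        echo "$name: idmap does NOT fit the delegated range"
    fi
done
rm -rf "$demo_dir"
```

On a real host, pass `/etc/subuid` (kind `u`) or `/etc/subgid` (kind `g`) and the config file LXC actually loads; `lxc-config lxc.default_config` prints the default config path for the calling user.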