Possible to restrict a host user to only one container?

Hi. I’d like user ‘gamer’ of the host system, to be able to access only one of my LXD containers. Is that possible, and if so how?


I don’t think there is any access rights on containers inside of LXD, but I just can’t begin to see what’s wrong with the obvious way of enabling the ssh daemon in the container, and creating a ‘gamer’ user inside of the container. It don’t give the user the right to delete the container or to start it if it is stopped, but said user can restart it or event halt if given sudo power inside of the container. It would be awkward if the container is privileged but if you have privileged containers your don’t care that much about security anyway.

1 Like

Another way could be to give the gamer user (of the host machine) sudo rights to just this command: lxd exec the-container bash