Differences

This shows you the differences between two versions of the page.

--- linux:containers:lxc [11/07/2025 11:26] – [Creating a new container] andrew
+++ linux:containers:lxc [23/07/2025 14:38] (current) – andrew
@@ Line 4: / Line 4: @@
 ===== Installation =====
-Standard install of Ubuntu 14.04, additional packages installed are:- lxc lxctl lxc-templates,
+Standard install of Ubuntu 22.04, additional packages installed are:- lxc lxctl lxc-templates,
 ==== Disk layout ====
@@ Line 204: / Line 204: @@
 </code>
+==== Create Unprivileged Containers as Root with Shared UID and GID Ranges ====
+Creating system-wide unprivileged containers (that is, unprivileged containers created and started by root) requires only a few extra steps to organize subordinate user IDs (uid) and subordinate group IDs (gid).
+Specifically, you need to manually allocate the subordinate uid and gid ranges to root in ''/etc/subuid'' and ''/etc/subgid'' and then set those ranges in ''/etc/lxc/default.conf'' using lxc.idmap entries.
+For example, if you have not done anything on your host related to subordinate uid and gid ranges, the following commands may be all you need. Before doing the following, take a look in /etc/subuid and /etc/subgid to see that the range 100000:65536 is not already in use on your host. If the range is in use, you can use another range.
+  echo "root:100000:65536" >>/etc/subuid
+  echo "root:100000:65536" >>/etc/subgid
+  echo "lxc.idmap = u 0 100000 65536" >>/etc/lxc/default.conf
+  echo "lxc.idmap = g 0 100000 65536" >>/etc/lxc/default.conf
+That's it! Any container you create as root from now on will be running unprivileged.
 ===== Networking =====
@@ Line 229: / Line 249: @@
 ''/etc/init/lxc-net.conf'' sets the default network config. This uses a NAT to a ''lxcbr0'' bridge device.
+Or....
+''/etc/default/lxc-net.conf'' Ubuntu 18.04
 Specific configs are kept in /var/lib/lxc/<HOSTNAME>/config