• Unprivileged Containers in Slackware
• Stephane Graber's intro

• Physical host has to have a network bridge
• On physical host, in /etc/lxc/default.conf:

  lxc.network.type=veth
  lxc.network.link=br0
  lxc.network.flags=up

• Create container: lxc-create -n lxcguest -t /usr/share/lxc/templates/lxc-slackware
• Edit container's config and set MAC for virtual NIC: lxc.network.hwaddr = DE:AD:BE:EF:00:00
• Start container: lxc-start -n lxcguest -d
• Connect to container's console: lxc-console -n lxcguest
  Default login/password is root/root
• In guest, set up networking as usual
• Packages to add:
  • perl
  • python
  • python-setuptools
  • vim
  • less
  • rsync
  • sudo
  • make
  • guile
  • gc
  • libffi

See: Unprivileged containers in Slackware

1. Create standard root-privileged container
2. Remap that container's owner & group numbers to the user's subuid & subgid
3. Move the container into the user's file space
4. Run the unprivileged container

As root:

usermod --add-subuids 100000-165536 rk4n3
usermod --add-subgids 100000-165536 rk4n3

Acquire uidmapshift.c and container-userns-convert from: nsexec tools

Build uidmapshift with:

gcc -o uidmapshift uidmapshift.c

Near the end of the container-userns-convert , around line 61, change the call to uidmapshift to be $PATHTOYOUR/uidmapshift, then make container-userns-convert executable. Perform the actual conversion with (as root):

./container-userns-convert yourcontainername 100000

In $HOME/.config/lxc/default.conf:

lxc.network.type = veth
lxc.network.link = br0
lxc.network.flags = up
lxc.network.hwaddr = DE:AD:BE:EF:xx:xx
lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536

In /etc/lxc/lxc-usernet:

rk4n3 veth br0 10

• Install the mysql package(s)
  • Prerequisites in addition to template's packages: libaio and jemalloc