Posts by Iva*_*gai

Nested unprivileged lxc containers from upstart that their owner can stop

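On a host running Ubuntu 14.04.5 LTS, I have a user named ci who can create and start an unprivileged lxc container that also runs Ubuntu 14.04.5 LTS. The user's subid range is 200000-231071. The configuration file of such a container is: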

# Distribution configuration
lxc.include = /usr/share/lxc/config/ubuntu.common.conf
lxc.include = /usr/share/lxc/config/ubuntu.userns.conf
lxc.arch = x86_64

# Nested
lxc.mount.auto = cgroup
lxc.aa_profile = lxc-container-default-with-nesting

# Container specific configuration
lxc.id_map = u 0 200000 65536
lxc.id_map = u 100000 265536 65536
lxc.id_map = g 0 200000 65536
lxc.id_map = g 100000 265536 65536
lxc.rootfs = /home/ci/.local/share/lxc/ci/rootfs
lxc.utsname = ci

# Network configuration
lxc.network.type = veth
lxc.network.flags = up …

unprivileged lxc cgroup 14.04

5 votes
0 answers
545 views
