How to check if an LXD container runs unprivileged?

Yes, it is enough to see that your UID is different from root and the other users on your host for the processes running in your container (setuid/setgid mapping magic).


The page you linked to describes lxc not lxd. lxd is essentially a daemon process that provides access to lxc's features, in a higher-level/more-convenient way. I believe the answer for lxd is:

$ lxc config get your-container-name security.privileged

If that shows "true", then the container is privileged, else not.

Per stgraber's post you can also query the set of privileged containers by running:

$ lxc list security.privileged=true

It's also possible to check if a container is unprivileged from inside the LXD container by checking:

  • /proc/self/uid_map
  • /proc/self/gid_map

where it will show something like (root 0 mapped to user 1000000):

# cat /proc/self/gid_map 
         0    1000000 1000000000
# cat /proc/self/uid_map 
         0    1000000 1000000000

(assuming /etc/subuid & /etc/subgid are correctly configured on the container host)

These values can be read by root or an unprivileged user.

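To turn the uid_map/gid_map reading described in the answer above into an automated check, here is an added POSIX sh example (not code from any of the answers). It parses the three-column map format ("id inside the namespace, id on the host, count"), reports whether id 0 inside the container is remapped to a non-root host id, and uses constructed sample maps in place of /proc/self/uid_map.

```shell
#!/bin/sh
# Added example: classify an id map in the /proc/<pid>/uid_map format.
# Each line reads "<id inside namespace> <id on host> <count>".

# Prints one word for the map in file $1:
#   unprivileged - id 0 inside the container maps to a non-zero host id
#   privileged   - id 0 inside maps to host id 0 (container root is host root)
#   unknown      - no range covers id 0 (empty or malformed map)
classify_id_map() {
    verdict=unknown
    while read -r inside host count; do
        # skip blank or incomplete lines
        if [ -z "$inside" ] || [ -z "$count" ]; then continue; fi
        # ignore lines that are not purely numeric
        case "$inside$host$count" in *[!0-9]*) continue ;; esac
        # a range starting at 0 with a positive count covers id 0
        if [ "$inside" -eq 0 ] && [ "$count" -gt 0 ]; then
            if [ "$host" -eq 0 ]; then verdict=privileged; else verdict=unprivileged; fi
            break
        fi
    done < "$1"
    printf '%s\n' "$verdict"
}

# Helper for constructed input: write map text $1 to a temp file and classify it.
classify_id_map_text() {
    tmp=$(mktemp)
    printf '%s\n' "$1" > "$tmp"
    classify_id_map "$tmp"
    rm -f "$tmp"
}

# Constructed sample maps. The first matches the output shown in the answer
# (root mapped to host uid 1000000); the second is the identity map a
# privileged container shows.
SAMPLE_UNPRIV='         0    1000000 1000000000'
SAMPLE_PRIV='         0          0 4294967295'

# Real check from inside a container:
#   classify_id_map /proc/self/uid_map
#   classify_id_map /proc/self/gid_map
```

Note that a map whose first range starts at 0 on the host is the privileged case; an unprivileged container has its root shifted to the subordinate range allocated in /etc/subuid and /etc/subgid on the host.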