Unprivileged LXC containers potentially provide higher security levels than privileged ones. However, they also have some limitations: it is not easy to start them on boot or to give them a public IP address. These instructions show how to achieve both goals.
These instructions were developed on Ubuntu 14.04 and its packages. They can be adapted to other recent Linux distributions.
-
Be sure you have installed the lxc, bridge-utils, cgmanager-utils and cgroup-bin packages:
apt-get install lxc bridge-utils cgmanager-utils cgroup-bin
-
Protect access to the host's dmesg, so that a compromised container cannot use it to get clues about the host.