Some settings are needed if you use the root user to launch an LXC unprivileged container. Here is a sample:
lxc-create --name n6ku22 --template download -- --dist ubuntu --release kinetic --arch amd64
echo "root:100000:65536" >> /etc/subgid
echo "root:100000:65536" >> /etc/subuid
chown -h -R 100000:100000 /srv/lxc/n6ku22
Then add these lines to /srv/lxc/n6ku22/config:
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
The base config is now complete, but the container may still fail to launch with an error like this:
lxc_mount_auto_mounts:810 - Operation not permitted - Failed to mount "proc"
So /proc and /sys need to be remounted with relatime:
/usr/bin/mount -t sys sys -o remount,rw,nosuid,nodev,noexec,relatime /sys
/usr/bin/mount -t proc proc -o remount,rw,nosuid,nodev,noexec,relatime /proc
Then you can launch the container.
If you want to use a non-root user, you can adduser and chmod -R 755 the LXC rootfs dir.
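
To confirm that the lxc.idmap lines in the container config are covered by the ranges added to /etc/subuid and /etc/subgid, a check like the following can be run before launching. It is an added example, not part of the original note; the function names check_idmap and range_delegated are made up for this sketch.

```shell
#!/bin/sh
# Added example: verify that each lxc.idmap line in a container config
# falls inside a range delegated to the user in the subuid/subgid files.

# range_delegated USER FILE START COUNT
# Succeeds if host ids [START, START+COUNT) fit in one USER:first:count entry.
range_delegated() {
    awk -F: -v u="$1" -v s="$3" -v c="$4" '
        $1 == u && s + 0 >= $2 + 0 && s + c <= $2 + $3 { ok = 1 }
        END { exit ok ? 0 : 1 }' "$2"
}

# check_idmap USER CONFIG SUBUID_FILE SUBGID_FILE
# Prints one result per lxc.idmap line; returns non-zero if any is uncovered.
check_idmap() {
    user=$1 config=$2 subuid=$3 subgid=$4 rc=0
    # Reduce "lxc.idmap = u 0 100000 65536" to "u 0 100000 65536".
    maps=$(sed -n 's/^[[:space:]]*lxc\.idmap[[:space:]]*=[[:space:]]*//p' "$config")
    [ -n "$maps" ] || { echo "no lxc.idmap lines in $config"; return 2; }
    while read -r kind inside host count; do
        case $kind in
            u) file=$subuid ;;
            g) file=$subgid ;;
            *) echo "unknown idmap kind: $kind"; rc=1; continue ;;
        esac
        if range_delegated "$user" "$file" "$host" "$count"; then
            echo "ok: $kind container id $inside -> host $host (+$count)"
        else
            echo "NOT DELEGATED to $user in $file: $kind $host (+$count)"
            rc=1
        fi
    done <<EOF
$maps
EOF
    return $rc
}

# Usage with the paths from this page:
#   check_idmap root /srv/lxc/n6ku22/config /etc/subuid /etc/subgid
```

A non-zero return means at least one mapping points at host ids that the subuid/subgid files do not delegate to that user, or that the config has no lxc.idmap lines at all.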