LXC for Debian -------------- Most templates ship without a root password, so you cannot login with lxc-console -n You can, however, get a shell (without a tty) by running lxc-attach -n If you really need a root password set, you can do so by calling lxc-attach -n passwd or you could allow a password-less login by calling lxc-attach -n sed -i '/root/ s/:\*:/::/' /etc/shadow After either of these you will be again able to login via lxc-console. Starting LXC containers ----------------------- Should you meet troubles to start a container, a first thing to do is to check whether apparmor is installed (it is a Recommend of the package, hence it can be absent if you disabled the installation of recommends). If not, you have two options: 1. Install it 2. Alter the lxc.apparmor.profile entry in `/etc/lxc/default.conf`, and in your containers configurations. `lxc.apparmor.profile = unconfined` is the appropriate option. Mind also to remove the `lxc.apparmor.allow_nesting` entry. If AppArmor is present and you still have issues, follow the advice by setting --logfile and --logpriority options and you'll get more intel on why your containers won't start. Unprivileged containers ----------------------- To be able to start a user (unprivileged) container, one needs to change the '/etc/sysctl.conf' file to append kernel.unprivileged_userns_clone=1 and run `sysctl -p`. One would also need to also set an AppArmor profile adapted to these, either in their `.config/lxc/default.conf` or in the newly created container's configuration for it to start. Both 'lxc.apparmor.profile = lxc-container-default-cgns' and 'lxc.apparmor.profile = unconfined' are appropriate configurations for it to start. -- Evgeni Golov Sat, 16 Jul 2016 11:49:16 +0200