sudo -i
emerge app-emulation/lxc
lxc-checkconfig
go set up your kernel for the security features it wants. make sure to back up your working version.
this is a quick hack, there are more formal methods and this is considered lazy, but it gets the job done:
echo "lxc.network.type none" > /etc/lxc/none.conf
it's supposed to grab this automatically but it was breaking for me:
tarball="*path/to/stage3.tar*" lxc-create -t gentoo -n *your_name* -f /etc/lxc/none.conf
wait...
chroot /var/lib/lxc/*your_name*/rootfs /bin/bash
passwd
create new password here
exit
lxc-start -n *your_name* -F
BOOM NEW SHELL IN REALLY SAFE KIND ENVIRONMENT