So many references on the Internet describe how to setup unprivileged containers on Ubuntu, but I've found that it is astonishingly cryptic to get them to work on other Linux distros without knowing about LXC internals. In my case, my distro of choice is Gentoo, and here's how I managed to run my first unprivileged container. (Big thanks to Lord on #gentoofr for spending just a few minutes to find the reference I needed to get it working; it helped tremendously.)
The Gentoo Wiki helped, but was incomplete for some of the crucial steps, namely the following two requirements:
app-admin/cgmanager-0.37or newer is necessary. It's not currently present in portage as of now (June 2nd 2015), so I had to use a local overlay to install it in a clean way. See below for a quick how-to.- A cgroup hierarchy is needed, but no online guide mentions how to create one. That's because on Ubuntu
systemdis responsible for automatically managing it. Gentoo d