Still experimental...
Assume that the unprivileged container test already exists. We want a privileged container called test2 to have the same rootfs as test.
Create a privileged container first. Probably need to be the exact same OS as test1!
$ sudo lxc-create -t download -n test2
...
(Follow the prompts to set up the container.)
This shifts the UIDs of the unprivileged container test to root:
(On host)
$ sudo apt install lxd-tools # if not installed yet
$ sudo fuidshift /home/service/.local/share/lxc/test/rootfs -r b:0:100000:65536
This assumes that
- The unprivileged container
testis owned by userserviceon the host. - The UID and GID in container
testall map from 0 to 100000 within a range of 65536.
(Back up the rootfs of test2 if necessary...)
$ sudo cp -r /home/service/.local/share/test/rootfs /var/lib/lxc/test2/
Privileged containers have their rootfs under /var/lib/lxc/$container_name.
$ sudo lxc-start -n test2 -d
Then log into test2 (either by lxc-attach or by ssh), and I may need to run some chown to change the owner/group of home directories back to the original users. For example, the home directory /home/kuang will be owned by root when the rootfs is copied over, so I need to run chown -R kuang:kuang /home/kuang to change the ownership of /home/kuang.
CAVEAT: NOT SURE if other service-related accounts like mysql will be migrated properly... I will have to test.