Make sure got volatile keys in config:
lxc config edit my-borked-container
Lookout for these, if they are missing adding them and restarting the container should fix it.
volatile.idmap.base: "0"
volatile.idmap.current: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
volatile.last_state.idmap: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
I think.. caused by the rest API PUT config without these values will bork the containers uid/gui mapping and show everything owned by 1000000 and quickly become broken when things start writing files like mysql etc as nobody then owns it once fixed.
A broken config looks some what like:
### This is a yaml representation of the configuration.
### Any line starting with a '# will be ignored.
###
### A sample configuration looks like:
### name: container1
### profiles:
### - default
### config:
### volatile.eth0.hwaddr: 00:16:3e:e9:f8:7f
### devices:
### homedir:
### path: /extra
### source: /home/user
### type: disk
### ephemeral: false
###
### Note that the name is shown but cannot be changed
architecture: x86_64
config:
image.architecture: amd64
image.description: ubuntu 18.10 amd64 (release) (20190320)
image.label: release
image.os: ubuntu
image.release: cosmic
image.serial: "20190320"
image.version: "18.10"
volatile.eth0.hwaddr: 00:16:3e:d0:56:51
volatile.idmap.base: "0"
volatile.idmap.current: '[]'
volatile.last_state.power: STOPPED
ephemeral: false