lxc.include = /etc/lxc/default.conf

lxc.idmap = u 0 1738400 65536
lxc.idmap = g 0 1738400 65536

# "Secure" mounting
lxc.mount.auto = proc:mixed sys:ro cgroup:mixed

lxc.net.0.type = veth
lxc.net.0.link = br-lan
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:FF:xx:xx:xx:xx

# Disable AppArmor confinement for containers started by non-root
# See https://discuss.linuxcontainers.org/t/unprivileged-container-wont-start-cgroups-sysvinit/6766 and
# https://discuss.linuxcontainers.org/t/cannot-use-generated-profile-apparmor-parser-not-available/4449

lxc.apparmor.profile = unconfined
# Unprivileged containers started by ROOT can use lxc.apparmor.profile = generated

/var/lib/lxc/ = ~/.local/share/lxc
/var/cache/lxc = ~/.cache/lxc