I have used privileged lxc containers for years. Currently I wanted to run unprivileged lxc containers. Well, one lxc container with user mapping to my host user runs fine.
More than that one causes trouble that I haven't been able to solve so far, nor have I gotten help yet.
As far as I have read about docker, it depends on using root at least to start the application, or there is a real root (0:0) in the linux container - by design. Running unprivileged seems possible but is not standard. So I expect the same or other problems when doing so.
What do you think, can I have multiple unprivileged linux dockers with id-mappings to the host user?
Every image should be prepped in a way that the main process is started as an unprivileged user:
Of course it is: see https://docs.docker.com/engine/reference/run/#user
You need to create an unprivileged user in a RUN instruction, then the user of the first USER instruction can be overridden by docker run --user.
It is also possible to declare the user setting in docker-compose.yml.
Another possibility is to use a system daemon like s6-overlay. They typically require root during start, but allow executing the main process as an unprivileged user.
While the second approach allows correcting permissions in mounted volumes, the first approach is a purer approach, which typically has easier to read/write/understand Dockerfiles.
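The first approach from the answer above, as an added example that is not part of the original posts: a Dockerfile that creates an unprivileged user in a RUN instruction and switches to it with USER, with the docker run --user and docker-compose.yml overrides shown as comments. The base image, the image name unpriv-demo, the user name app, the IDs 10001 and 1000, the /data path and the compose service name are all assumptions chosen for illustration.

```dockerfile
# Constructed example: base image, user name "app" and UID/GID 10001 are assumptions.
FROM debian:bookworm-slim

# Create a dedicated unprivileged user and group with fixed numeric IDs,
# so that ownership on mounted volumes is predictable.
RUN groupadd --gid 10001 app \
 && useradd --uid 10001 --gid 10001 --create-home --shell /usr/sbin/nologin app

# Data directory owned by the unprivileged user; root is only used at build time.
RUN mkdir -p /data && chown app:app /data
WORKDIR /data

# Everything from here on, including the main process, runs as app, not as 0:0.
USER app:app

# Prints the effective UID/GID so the effect of an override can be observed.
CMD ["id"]

# Build, then run with the image default user:
#   docker build -t unpriv-demo .
#   docker run --rm unpriv-demo
#
# Override the USER instruction with the calling host user's numeric IDs,
# so files written to the bind mount are owned by that host user:
#   docker run --rm --user "$(id -u):$(id -g)" -v "$PWD/data:/data" unpriv-demo
#
# The same override in docker-compose.yml (service name "demo" is an assumption):
#   services:
#     demo:
#       image: unpriv-demo
#       user: "1000:1000"
#       volumes:
#         - ./data:/data
```

A numeric ID passed to --user does not have to exist in the image's /etc/passwd; the process then runs without a user name or home directory entry, and a bind-mounted directory must already be writable by that ID because nothing in the container runs as root to fix its permissions.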
Thank you for your answer. I solved my problem running multiple unprivileged lxc containers. I prefer staying with them. Maybe one day I will come to need docker, too.