# this is not a mistype, 500K should be enough for all your nesting needs, and 5M in /etc/subuid should be enough if you want to create any other containers
lxc.idmap = g 0 2000000 65536
lxc.idmap = u 0 10000000 500000
lxc.idmap = g 0 10000000 500000
lxc.include = /usr/share/lxc/config/nesting.conf
lxc.apparmor.allow_nesting = 1
lxc.seccomp.allow_nesting = 1
lxc.mount.auto = proc sys cgroup:rw:force
```
```
Then:
Then:
@ -478,13 +487,22 @@ lxc-attach -n CONTAINERNAME
You'll get into a container root console.
You'll get into a container root console.
(but still inside this container `apk cgroups start` will produce errors
and mount everything in /sys/fs/cgroups except for openrc as nobody:nobody,
and won't mount openrc at all, and nested containers won't work.)
#### Networking (container)
#### Networking (container)
In container root console, check if network is up with `ifconfig`.
In container root console, check if network is up with `ifconfig`.
If there are no IPv4 address for eth0, you'll have to configure it manually,
If there are no IPv4 address for eth0, you'll have to configure it manually,
by editing `/etc/network/interfaces` either with VI or with cat/echo.
by editing `/etc/network/interfaces`.
The easiest way to do it is by
```
doas nano ~/.local/share/lxc/CONTAINERNAME/rootfs/etc/network/interfaces`