swbandit asked:

I’m following these directions to create an LXC box on Debian 7 (wheezy):

I start a container/guest using this command:

sudo lxc-start -n wheezy-base

But when I halt it, the host stops as well.

sudo halt

What am I doing wrong? How do I stop an LXC guest correctly and get back to the host?

Thank you

My answer:

You’re using Debian 7, and don’t have access to LXC user namespaces (which should be available in jessie, and are available in stretch). So, “root” in a container is equivalent to root on the host. Thus when you call sudo halt you are doing so as root for the whole system.

(Containers on such older systems are not secure and cannot be made secure; you should be using a newer version of Debian, or preferably a Red Hat-based system, for any container work that requires even a moderate amount of security.)

To kill a container, from outside the container use lxc-stop.

lxc-stop -n wheezy-base -k

From inside the container, try kill -PWR 1 to fake the container’s init process into thinking the (nonexistent) power button has been pressed.
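An added example (not part of the original answer and not LXC's own code): a shell check for the condition described above, where root inside the container is root on the host. It reads the kernel's uid_map format and looks for the lxc.id_map / lxc.idmap config keys; the sample maps are constructed, and a single level of namespace nesting is assumed.

```shell
#!/bin/sh
# Added example. uid_map lines are "<id-inside> <id-outside> <count>".
# Assumption: one level of nesting, so "outside" means the host.

# Constructed sample maps (not captured from a real system).
SAMPLE_NO_USERNS='         0          0 4294967295'
SAMPLE_USERNS='0 100000 65536'

# Reads a uid_map on stdin; succeeds if UID 0 inside maps to UID 0 outside.
root_is_host_root() {
    awk 'NF == 3 && $1 == 0 && $2 == 0 && $3 > 0 { found = 1 }
         END { exit !found }'
}

# Reads a uid_map on stdin; prints "privileged" or "unprivileged".
classify_uid_map() {
    if root_is_host_root; then echo privileged; else echo unprivileged; fi
}

# Reads an LXC container config on stdin; succeeds if it declares an ID map.
# lxc.id_map is the LXC 1.x/2.0 key, lxc.idmap the name used from LXC 2.1 on.
config_has_idmap() {
    grep -Eq '^[[:space:]]*lxc\.(id_map|idmap)[[:space:]]*='
}

# Classifies the calling process. A kernel without user namespace support
# has no uid_map file at all, so root there is always the host's root.
classify_self() {
    if [ -r /proc/self/uid_map ]; then
        classify_uid_map < /proc/self/uid_map
    else
        echo privileged
    fi
}

printf 'sample without user namespace: %s\n' \
    "$(printf '%s\n' "$SAMPLE_NO_USERNS" | classify_uid_map)"
printf 'sample with user namespace:    %s\n' \
    "$(printf '%s\n' "$SAMPLE_USERNS" | classify_uid_map)"
printf 'this process:                  %s\n' "$(classify_self)"
```

Run on the host itself, this also reports privileged, because the initial namespace uses the identity map; the result is only meaningful when run inside the container or against its config.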

