LXD for multi-user systems
Accessing LXD has traditionally required and granted a lot of privileges.
Effectively making anyone who could interact with LXD a full local administrator.
This isn't very compatible to restricted or multi-user systems where a specific user shouldn't be able to elevate their privileges and take over the entire system.
With LXD 4.22, LXD introduced a new user daemon which allows for two level of LXD interactions, the traditional complete LXD access granted to system administrators and a new, much more restricted kind of access suitable to regular users.
Such users get an automatically generated LXD projects allowing them to run their own (unprivileged) containers and virtual-machines, isolated from anyone else's instances and sufficiently restricted to prevent privilege escalation.
RESOURCES:
Blog: https://ubuntu.com/blog/shared-develo...
Forum post: https://discourse.ubuntu.com/t/easy-m...
LXD projects: https://documentation.ubuntu.com/lxd/...
Website: https://ubuntu.com/lxd
Community forum: https://discourse.ubuntu.com/c/lxd/
