
Ah... apologies for my misguidance below. It made me realize that I wrote these blog posts with a VM on another hypervisor, not on my Proxmox/LXC (just the Docker guide that I haven't yet transitioned to rootless-in-unprivileged-LXC).

See the explanation here [1]: Unprivileged LXC on Proxmox seems to be restricted to the uid range below 65536 UIDs/GIDs (to be used _inside_ the LXC -> to be mapped to > 100000:165536 outside the LXC/on the host).

In order to use subuids/gids > 65536 inside the LXC, add a mapping to the LXC config:

    root:100000:65536
to /etc/subgid and /etc/subuid.

Now you'll have 100000 to 165536 available inside the LXC, where you can add:

    devel:100000:65536
to the /etc/subgid and /etc/subuid inside the LXC, for nested rootless podman/docker.

As a consequence, you're mapping the devel user to the same range as the LXC root user. In other words, processes inside the LXC and inside the rootless podman could run in the same namespace on the Proxmox host. If you don't want that, you'll need to provide additional ranges to the LXC (e.g. root:100000:165536) and then map `devel` to (e.g.) 200000 to 265536 (devel:200000:265536).

* I did not actually test everything stated above.

[1] https://forum.proxmox.com/threads/how-to-use-uids-gids-highe...
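A small checker, added here and not part of the comment above, that composes an LXC idmap with a nested subuid range and reports which host UIDs a nested rootless container would share with the LXC's own root range, and which in-LXC ids have no host mapping at all. The IdMap values, the assumption that the extra entry is identity-mapped, and all function names are constructed for illustration.

```python
"""Where do a nested rootless container's UIDs land on the Proxmox host?

Added example, not code from the comment. Mapping values are constructed
assumptions chosen to mirror the scenario discussed above.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class IdMap:
    """One lxc.idmap-style entry: `count` ids from `inside` map to `outside`."""
    inside: int
    outside: int
    count: int


def parse_subid(line):
    """Parse an /etc/subuid line `name:start:count` into (name, start, count)."""
    name, start, count = line.strip().split(":")
    return name, int(start), int(count)


def to_host(idmaps, start, count):
    """Translate the in-LXC interval [start, start+count) through the idmap.
    Returns (mapped, unmapped): inclusive (first, last) host / in-LXC ids."""
    mapped, unmapped = [], []
    cur, hi = start, start + count - 1
    for m in sorted(idmaps, key=lambda m: m.inside):
        m_lo, m_hi = m.inside, m.inside + m.count - 1
        if m_hi < cur or m_lo > hi:
            continue                      # entry does not touch our interval
        if m_lo > cur:
            unmapped.append((cur, m_lo - 1))  # hole before this entry
        a, b = max(cur, m_lo), min(hi, m_hi)
        mapped.append((a - m.inside + m.outside, b - m.inside + m.outside))
        cur = b + 1
    if cur <= hi:
        unmapped.append((cur, hi))
    return mapped, unmapped


def overlap(ranges_a, ranges_b):
    """Inclusive intervals where two host id range lists collide."""
    out = []
    for a in ranges_a:
        for b in ranges_b:
            lo, hi = max(a[0], b[0]), min(a[1], b[1])
            if lo <= hi:
                out.append((lo, hi))
    return out


def nested_collisions(lxc_idmap, subuid_line):
    """Host ids shared by the LXC's own root range (inside uids 0..65535) and a
    nested container using `subuid_line` inside the LXC, plus unmapped ids."""
    _, start, count = parse_subid(subuid_line)
    lxc_root, _ = to_host(lxc_idmap, 0, 65536)
    nested, unmapped = to_host(lxc_idmap, start, count)
    return overlap(lxc_root, nested), unmapped
```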
