Is it safe to copy (tar) files of container (/var/lib/vz/private/CTID/etc, for example) while it's running? And what is the difference between /var/lib/vz/private/ and /var/lib/vz/root/?
./private/ - for real files and you can do changes on it (offline/online CT run).
./root/ - its for mounted CT file system. If you try to change something inside it, no changes will be done.
