How do i know if my lxc container is nested?

[moxfan]

Is there some sort of indicator inside the container that confirms that nesting has been enabled and is active?

 

[Dunuin]

Enabling nesting will give the LXC access to the hosts /dev and /proc. So I guess you could check if your LXC got rights to access these two folders.

 

[moxfan]

Enableing nesting will give the LXC access to the hosts /dev and /proc. So I guess you could check if your LXC got rights to access these two folders.

Thanks. Does that mean what I see in the container's /dev and /proc folders are actually the host's /dev and /proc folders?

 

[Dunuin]

Jep, a LXC basically shares the same hardware and linux kernel with the host. Thats also why you see all the hosts CPU cores and RAM if you run top inside the LXC. Your LXC and host are basically the same machine. And your /dev folder isn't a typical filesystem, using /dev will directly link you to the hosts hardware. So if you for example write to /dev/sda you write to your physical disk and not to a folder that is stored on that disk.
So using LXCs is always more risky compared to a VM, because if the LXC gets hacked it is way easier to do bad stuff with your host. Especially if you use privileged LXCs where your LXCs root user is also the root user of your host. So if you are using a privileged LXC with nesting and that LXC gets hacked, the hacker is also your hosts root user and has access to all your hardware and can for example format all of your drives.