Leave keyctl off by default as recommended

misc/all-templates.sh

@@ -77,8 +77,10 @@ TEMPLATE=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "All Templat
 NAME=$(echo "$TEMPLATE" | grep -oE '^[^-]+-[^-]+')
 PASS="$(openssl rand -base64 8)"
 CTID=$(pvesh get /cluster/nextid)
+#Recommended default for unprivileged containers is to leave keyctl off
+#https://forum.proxmox.com/threads/how-does-keyctl-works-in-virtual-environments.116414/
 PCT_OPTIONS="
-    -features keyctl=1,nesting=1
+    -features nesting=1
     -hostname $NAME
     -tags proxmox-helper-scripts
     -onboot 0

misc/build.func

@@ -509,11 +509,14 @@ start() {
 build_container() {
 #  if [ "$VERB" == "yes" ]; then set -x; fi
 
-  if [ "$CT_TYPE" == "1" ]; then
+#Recommended default for unprivileged containers is to leave keyctl off
-    FEATURES="keyctl=1,nesting=1"
+#https://forum.proxmox.com/threads/how-does-keyctl-works-in-virtual-environments.116414/
-  else
+  FEATURES="nesting=1"
-    FEATURES="nesting=1"
+#  if [ "$CT_TYPE" == "1" ]; then
-  fi
+#    FEATURES="keyctl=1,nesting=1"
+#  else
+#    FEATURES="nesting=1"
+#  fi
 
 
   TEMP_DIR=$(mktemp -d)

turnkey/turnkey.sh

@@ -98,8 +98,10 @@ turnkey=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "TurnKey LXCs
 # Setup script environment
 PASS="$(openssl rand -base64 8)"
 CTID=$(pvesh get /cluster/nextid)
+#Recommended default for unprivileged containers is to leave keyctl off
+#https://forum.proxmox.com/threads/how-does-keyctl-works-in-virtual-environments.116414/
 PCT_OPTIONS="
-    -features keyctl=1,nesting=1
+    -features nesting=1
     -hostname turnkey-${turnkey}
     -tags proxmox-helper-scripts
     -onboot 1