LXC Unprivileged autostart in Debian Stretch

Thanks @cburn11, su -c let me issue commands as root to be executed as my non-root user. I wrote a small systemd service file and a bash script which are run by root at boot. For anybody else who stumbles on this problem, here is what I did:

To make your pre-made unprivileged containers start on boot, log in as the user who owns them, stop the containers, and run nano to add the following to their config files:
nano /home/{username}/.local/share/lxc/{containername}/config

lxc.start.auto = 1

For containers created by a non-root user in my Debian Stretch install, I found the config files in /home/{username}/.local/share/lxc/{containername}/config, substituting in the container’s name and its creator’s username. One of these lines may be redundant, but I had no adverse effects from including both. You can add those lines to the default template I found in /home/{username}/.config/lxc/default.conf, which will affect all new containers made by this user.

As root, do the following:

nano /etc/systemd/system/lxc-autostart.service

[Unit]
Description=Runs "lxc-autostart" on boot
[Service]
ExecStart=/z/s1/lxc/lxc-autostart.sh
Type=oneshot
[Install]
WantedBy=default.target

nano /z/s1/lxc/lxc-autostart.sh

#!/bin/bash
#2018-01-20
#lxc-autostart.sh: Starts lxc containers on boot
su -c "lxc-autostart -a" {username}

With no arguments provided, lxc-autostart will start only containers without a group specified by lxc.group in their config. Providing the -a switch will start all containers with lxc.start.auto = 1 regardless of their group.

chmod 755 /z/s1/lxc/lxc-autostart.sh
chmod 755 /etc/systemd/system/lxc-autostart.service
systemctl daemon-reload #Refreshes list of service files
systemctl enable lxc-autostart.service
systemctl start lxc-autostart.service

The chmod lines allow read access to all, and only permit the creator (root) to edit and execute them. daemon-reload refreshes the list of service files, enable sets lxc-autostart to start at boot, and start starts the service so we can test it without a reboot.

Now as your non-root user, run lxc-ls -f to list that user’s containers and their status. If all the containers you want to autostart read “RUNNING” then the systemd service should autostart them on boot.

Edit: Updated container config options
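
Added example, not part of the original post: the script and unit file above are executed by root at boot, so anyone who can write to them, or to a directory above them, can run commands as root. This check walks a file and its parent directories and reports any that are not owned by the expected uid or are group/other-writable. The function names and the audit.sh file name are hypothetical, and it assumes GNU stat and readlink as shipped in Debian.

```shell
#!/bin/bash
# Added example (not from the original post): confirm that a file root
# executes at boot, and every directory above it, can only be changed by
# the expected owner. Relies on GNU stat and readlink, as shipped in Debian.

# Return 0 if $2 is owned by uid $1 and has no group/other write bit.
path_is_locked() {
    local uid="$1" path="$2" owner mode
    owner=$(stat -c %u -- "$path") || return 2
    mode=$(stat -c %a -- "$path") || return 2
    if [ "$owner" != "$uid" ]; then
        echo "FAIL owner uid $owner (expected $uid): $path"
        return 1
    fi
    # %a prints octal; a leading 0 makes the shell read it as octal too.
    # 022 = group-write | other-write.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL mode $mode is group/other-writable: $path"
        return 1
    fi
    return 0
}

# Check file $2 and each parent directory up to $3 (default /).
# A writable parent lets a user replace the file without touching it.
audit_chain() {
    local uid="$1" path top rc=0
    path=$(readlink -f -- "$2") || return 2
    top=$(readlink -f -- "${3:-/}") || return 2
    while :; do
        path_is_locked "$uid" "$path" || rc=1
        if [ "$path" = "$top" ] || [ "$path" = "/" ]; then break; fi
        path=$(dirname -- "$path")
    done
    return "$rc"
}

# Stand-alone use, as root (audit.sh is a placeholder name for this file):
#   ./audit.sh /z/s1/lxc/lxc-autostart.sh /etc/systemd/system/lxc-autostart.service
for f in "$@"; do
    audit_chain 0 "$f" || echo "review permissions for $f"
done
```

No output for a path means every component from the file up to / passed both checks.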