diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..1806cb3
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+rkt/nginx/nginx.aci
+lxd/busybox-nonroot/busybox-nonroot.tar.xz
diff --git a/lxd/README.md b/lxd/README.md
new file mode 100644
index 0000000..3abca65
--- /dev/null
+++ b/lxd/README.md
@@ -0,0 +1,25 @@
+# lxd-images
+
+Set of images for use with [LXD](https://linuxcontainers.org/lxd/).
+
+
This work is licensed under a Creative Commons Attribution-ShareAlike 2.0 Generic License.
+
+## busybox-nonroot
+
+Running the containers' processes as non-root with ``busybox-nonroot`` is useful when you design applications that do not need root privileges,
+as you will be able to detect problems that would otherwise be unnoticed when running with root privileges.
+
+Create the image tarball with:
+```
+make
+```
+
+This will import the standard ``busybox`` image if you don't already have it.
+
+Afterwards you can import ``busybox-nonroot`` image with:
+```
+make import
+```
+
+This image has a ``nobody`` user defined, so that you can run all processes inside the container as a non-privileged user.
+**NOTE:** this is fundamentally different from root uid/gid mapping (which you should still use, if possible), as explained in [this blog post](https://www.stgraber.org/2014/01/17/lxc-1-0-unprivileged-containers/).
diff --git a/lxd/busybox-nonroot/Makefile b/lxd/busybox-nonroot/Makefile
new file mode 100644
index 0000000..2c149ba
--- /dev/null
+++ b/lxd/busybox-nonroot/Makefile
@@ -0,0 +1,18 @@
+.DEFAULT := all
+.PHONY := all import have-busybox
+
+## current hash of busybox image
+BASEIMG := 6e9df9219c50317368ec1e2b37da8bb1f5edcbefae3bae4bd38f41b56a365d09
+
+all: busybox-nonroot.tar.xz
+
+have-busybox:
+ lxc image info busybox >/dev/null || lxd-images import busybox --alias busybox
+
+busybox-nonroot.tar.xz: have-busybox
+ TMPD=`mktemp -d` && mkdir -p "$$TMPD/rootfs/etc" && \
+ cp overlay/etc/passwd overlay/etc/group "$$TMPD/rootfs/etc/" && cd "$$TMPD" && tar xf /var/lib/lxd/images/$(BASEIMG) && \
+ tar pcfJ $(CURDIR)/$@ rootfs/ metadata.yaml && cd && rm -rf "$$TMPD"
+
+import:
+ lxc image info busybox-nonroot >/dev/null 2>/dev/null || lxc image import busybox-nonroot.tar.xz --alias busybox-nonroot
diff --git a/lxd/busybox-nonroot/metadata.yaml b/lxd/busybox-nonroot/metadata.yaml
new file mode 100644
index 0000000..60d3dbd
--- /dev/null
+++ b/lxd/busybox-nonroot/metadata.yaml
@@ -0,0 +1,11 @@
+{
+ "architecture": "x86_64",
+ "creation_date": 1443204631,
+ "properties": {
+ "architecture": "x86_64",
+ "description": "Busybox with unprivileged user x86_64",
+ "name": "busybox-nonroot-x86_64",
+ "author": "gdm85",
+ "os": "Busybox"
+ }
+}
diff --git a/lxd/busybox-nonroot/overlay/etc/group b/lxd/busybox-nonroot/overlay/etc/group
new file mode 100644
index 0000000..c5f1934
--- /dev/null
+++ b/lxd/busybox-nonroot/overlay/etc/group
@@ -0,0 +1 @@
+nobody:x:1:
diff --git a/lxd/busybox-nonroot/overlay/etc/passwd b/lxd/busybox-nonroot/overlay/etc/passwd
new file mode 100644
index 0000000..d9119cc
--- /dev/null
+++ b/lxd/busybox-nonroot/overlay/etc/passwd
@@ -0,0 +1 @@
+nobody:x:1:1:nobody:/:/bin/sh