2024-04-05 23:35:14 +02:00
..
2024-04-05 23:35:14 +02:00
2024-04-05 23:35:14 +02:00
2024-04-05 23:35:14 +02:00

First, your kernel needs to be configured correctly to be able to use LXC.
Enable the following options in your kernel config:
CONFIG_NAMESPACES
CONFIG_UTS_NS
CONFIG_IPC_NS
CONFIG_PID_NS
CONFIG_USER_NS
CONFIG_NET_NS
CONFIG_CGROUPS
CONFIG_CGROUP_NS
CONFIG_CGROUP_DEVICE
CONFIG_CGROUP_SCHED
CONFIG_CGROUP_CPUACCT
CONFIG_CGROUP_FREEZER
CONFIG_CGROUP_RDMA
CONFIG_CGROUP_PIDS
CONFIG_BLK_CGROUP
CONFIG_MEMCG
CONFIG_MEMCG_SWAP
CONFIG_CPUSETS
CONFIG_VETH
CONFIG_BRIDGE
CONFIG_MACVLAN
CONFIG_VLAN_8021Q
CONFIG_NETFILTER_ADVANCED
CONFIG_NF_NAT_IPV4
CONFIG_NF_NAT_IPV6
CONFIG_IP_NF_TARGET_MASQUERADE
CONFIG_IP6_NF_TARGET_MASQUERADE
CONFIG_NETFILTER_XT_TARGET_CHECKSUM
CONFIG_NETFILTER_XT_MATCH_COMMENT
CONFIG_FUSE_FS
CONFIG_CHECKPOINT_RESTORE
CONFIG_FHANDLE
CONFIG_EVENTFD
CONFIG_EPOLL
CONFIG_UNIX_DIAG
CONFIG_INET_DIAG
CONFIG_PACKET_DIAG
CONFIG_NETLINK_DIAG

Second, you need to edit /etc/lxc/default.conf to suite your desired
container setup. The default network configuration is designed to use
the default LXC managed bridge which relies on NAT to provide access
to any external networks. Be sure to modify this if you wish to do
something different. Also, if unprivileged containers are desired,
then be sure to uncomment the uidmap configuration.

Third, you need to edit /etc/rc.conf to enable any desired LXC services.
First, the lxc-cgroups service needs to be enabled and placed before any
other LXC services for LXC to function correctly. Next, the lxc-net
service should be enabled and placed before lxc if you are wanting LXC to
manage your container networking. Last, the lxc service should be enabled
and placed after any other LXC services if you are wanting LXC to manage
the startup of your containers.

Fourth, if you are wanting to allow unprivileged users to use LXC containers,
then you will need to do some setup. First, be sure that you have enabled LXC
unprivileged containers as is documented above. Second, you need to edit
/etc/lxc/lxc-usernet and add any users that you wish to have access to LXC
unprivileged containers. The comments in the file will show how to do this.
Third, you need to run the following command to setup each user, which will
create the subuids, create the subgids, setup their BASH profile for LXC,
and create their initial LXC configuration file: lxc-users-setup
Please note that you will also need to reboot or restart the lxc-cgroups
service for the new user cgroups to be available for use. Last, if you are
wanting LXC to manage the startup of your user containers, be sure to place
the lxc-users service after lxc in the /etc/rc.conf file.

Fifth, you need to add the following line to /etc/pam.d/common-session:
session   optional    pam_cgfs.so -c all

Now you are ready to start using LXC. See below for some examples of basic
usage of LXC.

You can create a container using lxc-create:
lxc-create -t download -- alpine -d alpine -r 3.8 -a amd64

You can start this container using lxc-start:
lxc-start -n alpine

You can get a shell in this container using lxc-attach:
lxc-attach -n alpine

You can run arbitrary commands in this container using lxc-attach:
lxc-attach -n alpine -- echo Hello World!

You can stop this container using lxc-stop:
lxc-stop -n alpine

You can start LXC containers at boot by adding this line to your
container configuration:
lxc.start.auto = 1