LXC - Linux Containers

1. Install requirements and templates
   apt install lxc libvirt0 libpam-cgfs bridge-utils uidmap lxc-templates debootstrap apparmor dnsmasq
2. Configure cgroups and set up ranges in /etc/subuid and /etc/subgid:
   

   MYUSERNAME:296608:65536
   root:362144:65536

3. Edit /etc/lxc/lxc-usernet, e.g.:
   

   MYUSERNAME   veth    virbr0  10

4. Edit /etc/default/lxc-net, e.g.:
   

   USE_LXC_BRIDGE="true"
   LXC_BRIDGE="virbr0"
   LXC_ADDR="10.0.3.1"
   LXC_NETMASK="255.255.255.0"
   LXC_NETWORK="10.0.3.0/24"
   LXC_DHCP_RANGE="10.0.3.2,10.0.3.254"
   LXC_DHCP_MAX="253"
   LXC_DHCP_CONFILE=""
   LXC_DOMAIN=""

5. Edit /etc/lxc/default.conf:
   

   lxc.net.0.type = veth
   lxc.net.0.link = virbr0
   lxc.net.0.flags = up
   lxc.net.0.hwaddr = 00:16:3e:xx:xx:xx
   lxc.idmap = u 0 362144 65536
   lxc.idmap = g 0 362144 65536
   lxc.apparmor.profile = lxc-container-default

   
   Note: use the user's subuid/subguid range as above
   Note: in the MAC address line, you can leave the x's as is; maybe change the first 6 digits

6. systemctl stop dnsmasq
7. systemctl disable dnsmasq
8. systemctl enable lxc-net
9. systemctl restart lxc-net

If you want another user to create and run (unprivileged) containers, copy /etc/lxc/default.conf to $HOME/.config/lxc/default.conf and set the subuid/subgid range accordingly.

One way to do this is replace /var/lib/lxc with a symbolic link to the intended storage location. There is probably a smarter way to do this with an option, but it works.

• lxc-create -t download -n somecontainer
  There will be a selection of distros and releases to choose from.

• Creating a Transmission instance behind a VPN in an LXC container
• Setting up a Munin server and nodes

• linuxcontainers.org - Getting Started
• Debian Wiki - LXC
• Unprivileged LXC containers