LXC - Linux Containers
Basic setup to get started
- Install requirements and templates:
    apt install lxc libvirt0 libpam-cgfs bridge-utils uidmap lxc-templates debootstrap apparmor dnsmasq
- Configure cgroups and set up ranges in /etc/subuid and /etc/subgid:
    MYUSERNAME:296608:65536
    root:362144:65536
- Edit /etc/lxc/lxc-usernet, e.g.:
    MYUSERNAME veth virbr0 10
- Edit /etc/default/lxc-net, e.g.:
    USE_LXC_BRIDGE="true"
    LXC_BRIDGE="virbr0"
    LXC_ADDR="10.0.3.1"
    LXC_NETMASK="255.255.255.0"
    LXC_NETWORK="10.0.3.0/24"
    LXC_DHCP_RANGE="10.0.3.2,10.0.3.254"
    LXC_DHCP_MAX="253"
    LXC_DHCP_CONFILE=""
    LXC_DOMAIN=""
- Edit /etc/lxc/default.conf:
    lxc.net.0.type = veth
    lxc.net.0.link = virbr0
    lxc.net.0.flags = up
    lxc.net.0.hwaddr = 00:16:3e:xx:xx:xx
    lxc.idmap = u 0 362144 65536
    lxc.idmap = g 0 362144 65536
    lxc.apparmor.profile = lxc-container-default
  Note: use the user's subuid/subgid range as above
  Note: in the MAC address line, you can leave the x's as is; maybe change the first 6 digits
- Stop and disable the standalone dnsmasq service, then enable and restart lxc-net:
    systemctl stop dnsmasq
    systemctl disable dnsmasq
    systemctl enable lxc-net
    systemctl restart lxc-net
User specific configuration
If you want another user to create and run (unprivileged) containers, copy /etc/lxc/default.conf to
$HOME/.config/lxc/default.conf and set the subuid/subgid range accordingly.
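A mismatch between the lxc.idmap lines and the ranges delegated in /etc/subuid and /etc/subgid is an easy mistake when copying default.conf for another user. The script below is an added example, not part of the original page: it checks that every lxc.idmap line of one kind lies inside a range delegated to the given user. The function name idmap_covered and the temporary sample files are this example's own; the sample values are the ones shown above.

```shell
#!/bin/sh
# Added example (not from the original page): check that every lxc.idmap line
# of one kind (u or g) in an LXC config stays inside a range delegated to a
# user in /etc/subuid or /etc/subgid. The function name is made up here.
# usage: idmap_covered SUBID_FILE USER KIND CONF
idmap_covered() {
    awk -v user="$2" -v kind="$3" '
        # First file: subuid/subgid, lines of the form name:start:count
        NR == FNR {
            split($0, f, ":")
            if (f[1] == user) { n++; lo[n] = f[2] + 0; hi[n] = f[2] + f[3] }
            next
        }
        # Second file: "lxc.idmap = KIND container_start host_start count"
        /^[ \t]*lxc\.idmap[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, "")      # keep only the value; fields re-split
            if ($1 != kind) next
            seen++
            host = $3 + 0; top = host + $4
            ok = 0
            for (i = 1; i <= n; i++)
                if (host >= lo[i] && top <= hi[i]) ok = 1
            if (!ok) {
                printf "%s: %s %d-%d is not delegated to %s\n", FILENAME, kind, host, top - 1, user
                bad++
            }
        }
        # Fail on any uncovered line, and also when no line of this kind exists
        END { if (bad || !seen) exit 1 }
    ' "$1" "$4"
}

# Constructed sample input using the values shown on this page
demo=$(mktemp -d)
printf 'MYUSERNAME:296608:65536\nroot:362144:65536\n' > "$demo/subuid"
printf 'lxc.idmap = u 0 362144 65536\nlxc.idmap = g 0 362144 65536\n' > "$demo/default.conf"
for u in root MYUSERNAME; do
    if idmap_covered "$demo/subuid" "$u" u "$demo/default.conf"; then
        echo "$u: uid map OK"
    else
        echo "$u: uid map does not match /etc/subuid"
    fi
done
rm -rf "$demo"
```

With the sample values, the config as written matches root's range, while MYUSERNAME's copy would need 296608 as the host start.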
Change where containers will be stored
One way to do this is to replace /var/lib/lxc with a symbolic link to the intended storage location. There is probably a smarter way to do this with an option, but it works.
Creating a container
Example
lxc-create -t download -n somecontainer
There will be a selection of distros and releases to choose from.
Example projects
Troubleshooting
| ERROR: Unable to fetch GPG key from keyserver | Use a different keyserver, e.g.:
    DOWNLOAD_KEYSERVER=keyserver.ubuntu.com lxc-create -t download -n sowieso
  Alternatively, skip verification (noooot recommended, since this disables the GPG check of the downloaded image):
    lxc-create -n container1 -t download -- --no-validate |
| lxc-create: maps: conf.c: chown_mapped_root: 3250 lxc-usernsexec failed: No such file or directory
  Failed to open ttyNo such file or directory
  Failed to open ttyOperation not permitted
  Failed to unshare mount and user namespac
  lxc-create: maps: tools/lxc_create.c: main: 327 Failed to create container maps | 1. unprivileged users can't work with subuid 100000-165536
  2. sysctl kernel.unprivileged_userns_clone=1
     echo "kernel.unprivileged_userns_clone = 1" >> /etc/sysctl.d/lxc-unprivileged_userns.conf |
Links
lxc.txt · Last modified: by wolfo
