
Welcome to the Slackware Documentation Project

This is an old revision of the document!


LXC (Linux Containers)

Introduction

Linux Containers, or LXC, is an operating system-level method for running multiple separate, isolated Linux installations (containers) on a single host. Rather than simulating the computer hardware as in true virtualization, LXC uses the cgroups and namespaces functionality of the host's Linux kernel to provide strong isolation of the container. It is an intermediate solution between chroots and full virtualization, having a small impact on system resource usage similar to chroots, but providing better isolation. Containers provide a very convenient way to, among other things, maintain a clean build environment or test software against different [Linux] OS versions.

Setting up a Network Bridge

Before creating your first container, it is helpful to do some prep work. When the container is first created, only a minimal set of packages will be installed, so you will want to be able to use slackpkg or wget to round out your system. Typically, a bridge is created on the host, and the container connects to this bridge using a virtual ethernet interface.

While it is possible to set up the network manually, thankfully LXC contains a utility called lxc-net that can do it for you. As root, open up the file /etc/default/lxc-net, or create it if it doesn't exist, and add this line:

USE_LXC_BRIDGE="true"

Then, to bring up the network bridge, simply enter the command:

/usr/libexec/lxc/lxc-net start

Note that you may need to create the directory /var/lib/misc first for this to work. If it worked, there should not be any error messages or other output. You can check that it worked with ifconfig:

# ifconfig lxcbr0
lxcbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 10.0.3.1  netmask 255.255.255.0  broadcast 0.0.0.0
        inet6 fe80::7c17:8ff:fe09:cdcb  prefixlen 64  scopeid 0x20<link>
        ether 00:00:00:00:00:00  txqueuelen 1000  (Ethernet)
        RX packets 818240  bytes 45813772 (43.6 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1304901  bytes 3605721321 (3.3 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

The name of the bridge, gateway, netmask, and many other parameters can be modified in /etc/default/lxc-net. For a complete list, simply open up /usr/libexec/lxc/lxc-net in your favorite editor or pager; there is a comment indicating which variables can be changed.

To actually use this network within the container, there are a few steps that will need to be taken during the initial creation and setup of the container, which will be covered in the next section.

Creating a Container

To create a new container, the lxc-create command will be used. However, there are some initial configuration steps you may want to take first. By default, all containers will go in /var/lib/lxc. If you're like me, /var is mounted on / and doesn't have enough space for multiple full container installs of Slackware! You can change the container path in /etc/lxc/lxc.conf (e.g., by pointing it to /home):

lxc.lxcpath = /home/lxc_containers

The basic command to create a new container is as follows:

lxc-create -n container_name -t template_name -f /path/to/config

The config file, specified after the -f flag, can be fairly simple. Here is a sample, which sets only some network parameters:

lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = lxcbr0

This sample config uses a virtual ethernet interface connecting to the bridge on the host called lxcbr0. For additional available configuration options, see the lxc.container.conf manpage. Note that once the container is created, a new config file will be created within the container's top-level directory containing the full range of config settings; this file is read upon container startup and can be edited to modify the container's behavior after creation.

The template file, specified after the -t flag, can be any of the ones present in /usr/share/lxc/templates. For example, for Slackware, you would use:

lxc-create -n container_name -t slackware -f /path/to/config

The Slackware template accepts a number of environment variables. The most important of these are release and arch. release defaults to current, and arch defaults to the architecture of the host machine. It is also possible to specify the slackpkg mirror as an environment variable. For example, here is how one could create a container for Slackware64-14.2 using a US mirror:

arch=x86_64 release=14.2 MIRROR=http://mirrors.us.kernel.org/slackware lxc-create -n Slackware64-14.2 -t slackware -f /path/to/config

When lxc-create is run, the container will be created at lxcpath/container_name, and slackpkg will download and install the packages needed for a minimal install. The mirror will also be appended to /etc/slackpkg/mirrors.
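
The script below is an added example, not part of the original page: it checks the three files edited in the bridge and container sections (the lxc-net defaults file, lxc.conf, and the container config) before lxc-create is run. Function names are hypothetical and file paths are passed as arguments. Because the config under lxcpath is read at container startup, it also checks that a relocated lxcpath is not writable by group or others.

```shell
#!/bin/sh
# Added example, not from the original page; function names are hypothetical.

# conf_get FILE KEY: print the last value assigned to KEY. Handles both
# KEY="value" (lxc-net defaults file) and key = value (LXC config files).
conf_get() {
    awk -v k="$2" '
        /^[ \t]*#/ || index($0, "=") == 0 { next }   # comments, non-assignments
        {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            gsub(/^"|"$/, "", val)                   # drop surrounding quotes
            if (key == k) out = val
        }
        END { print out }' "$1"
}

# bridge_enabled FILE: succeed only if USE_LXC_BRIDGE is "true".
bridge_enabled() { [ "$(conf_get "$1" USE_LXC_BRIDGE)" = "true" ]; }

# path_locked_down DIR: succeed only if DIR exists and neither group nor
# others may write to it (find prints DIR when either write bit is set).
path_locked_down() {
    [ -d "$1" ] && [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \))" ]
}

# config_uses_bridge CONFIG BRIDGE: succeed only if the container config
# asks for a veth interface linked to BRIDGE.
config_uses_bridge() {
    [ "$(conf_get "$1" lxc.network.type)" = "veth" ] &&
    [ "$(conf_get "$1" lxc.network.link)" = "$2" ]
}

# Demo on constructed copies of the three files in a scratch directory.
demo() {
    d=$(mktemp -d) || return 1
    printf 'USE_LXC_BRIDGE="true"\n' > "$d/lxc-net"
    printf 'lxc.lxcpath = %s\n' "$d/containers" > "$d/lxc.conf"
    printf 'lxc.network.type = veth\nlxc.network.flags = up\nlxc.network.link = lxcbr0\n' > "$d/config"
    mkdir "$d/containers" && chmod 755 "$d/containers"
    bridge_enabled "$d/lxc-net" &&
    path_locked_down "$(conf_get "$d/lxc.conf" lxc.lxcpath)" &&
    config_uses_bridge "$d/config" lxcbr0
    rc=$?; rm -rf "$d"; return $rc
}
demo && echo "preflight: ok"
```

To run the checks on a live system, call the three functions with /etc/default/lxc-net, the lxcpath value from /etc/lxc/lxc.conf, and the file passed to lxc-create with -f.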

Container Configuration

Logging In

Network

Sharing Directories with the Host

Checking Container Status

Sources
