This is an old revision of the document!


LXC (Linux Containers)

Introduction

Linux Containers, or LXC, is an operating system-level method for running multiple isolated Linux installations (containers) on a single host. Rather than simulating the computer hardware as in true virtualization, LXC uses the cgroups and namespaces functionality of the host's Linux kernel to provide strong isolation of the container. It is an intermediate solution between chroots and full virtualization: its impact on system resource usage is small, similar to a chroot, but it provides better isolation. Containers provide a very convenient way to, among other things, maintain a clean build environment or test software against different Linux OS versions.

Setting up a Network Bridge

Before creating your first container, it is helpful to do some prep work. When the container is first created, only a minimal set of packages will be installed, so you will want to be able to use slackpkg or wget to round out your system. Typically, a bridge is created on the host, and the container connects to this bridge using a virtual ethernet interface.

While it is possible to set up the network manually, thankfully LXC contains a utility called lxc-net that can do it for you. As root, open up the file /etc/default/lxc-net, or create it if it doesn't exist, and add this line:

USE_LXC_BRIDGE="true"

Then, to bring up the network bridge, simply enter the command:

/usr/libexec/lxc/lxc-net start

If it worked, there should not be any error messages or other output. You can check that it worked with ifconfig:

# ifconfig lxcbr0
lxcbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 10.0.3.1  netmask 255.255.255.0  broadcast 0.0.0.0
        inet6 fe80::7c17:8ff:fe09:cdcb  prefixlen 64  scopeid 0x20<link>
        ether 00:00:00:00:00:00  txqueuelen 1000  (Ethernet)
        RX packets 818240  bytes 45813772 (43.6 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1304901  bytes 3605721321 (3.3 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

The name of the bridge, gateway, netmask, and many other parameters can be modified in /etc/default/lxc-net. For a complete list, open /usr/libexec/lxc/lxc-net in your favorite editor or pager; a comment there indicates which variables can be changed.
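As an added example (not part of this wiki page or of LXC itself), the following POSIX shell functions audit the setup described above: they read the config file without executing it, flag it if it is group- or world-writable (lxc-net runs as root and reads it), and compare the ifconfig output with the configured address. The function names are hypothetical, and the fallback address and netmask are assumed from the ifconfig output shown above.

```shell
# Added example, not part of LXC: audit the lxc-net config against the bridge.

# Read VAR=value or VAR="value" without sourcing the file, so the audit never
# executes its contents. The last assignment wins, as it would in the shell.
conf_get() {  # $1 = config file, $2 = variable name
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#[:space:]]*\)\"\{0,1\}[[:space:]]*\$/\1/p" "$1" |
        tail -n 1
}

# lxc-net runs as root and reads this file, so anyone who can write to it can
# change what root sets up. Fail if it is missing or group/world-writable.
conf_perms_ok() {  # $1 = config file
    [ -f "$1" ] && [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \))" ]
}

# Read `ifconfig <bridge>` output on stdin; succeed if it carries the address.
bridge_matches() {  # $1 = expected address, $2 = expected netmask
    awk -v a="$1" -v m="$2" '
        $1 == "inet" && $2 == a && $3 == "netmask" && $4 == m { ok = 1 }
        END { exit !ok }'
}

audit_lxc_net() {  # $1 = config file; ifconfig output on stdin
    conf_perms_ok "$1" ||
        { echo "FAIL: $1 missing or group/world-writable"; return 1; }
    [ "$(conf_get "$1" USE_LXC_BRIDGE)" = "true" ] ||
        { echo "FAIL: USE_LXC_BRIDGE is not \"true\""; return 1; }
    addr=$(conf_get "$1" LXC_ADDR)
    mask=$(conf_get "$1" LXC_NETMASK)
    # Assumption: fall back to the address and netmask shown on this page.
    bridge_matches "${addr:-10.0.3.1}" "${mask:-255.255.255.0}" ||
        { echo "FAIL: bridge address differs from config"; return 1; }
    echo "OK"
}

# Demo on constructed input: a temporary config and two lines of the
# ifconfig output shown above. On a real host, run as root:
#   ifconfig lxcbr0 | audit_lxc_net /etc/default/lxc-net
demo() {
    conf=$(mktemp) || return 1
    printf 'USE_LXC_BRIDGE="true"\nLXC_ADDR="10.0.3.1"\n' > "$conf"
    printf '%s\n' 'lxcbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500' \
        '        inet 10.0.3.1  netmask 255.255.255.0  broadcast 0.0.0.0' |
        audit_lxc_net "$conf"
    rc=$?
    rm -f "$conf"
    return "$rc"
}
demo
```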

To actually use this network within the container, there are a few steps that will need to be taken during the initial creation and setup of the container, which will be covered in the next section.
