Linux LXC Containers
This page will help you install, configure and use Linux LXC containers. This tutorial is mainly for Arch Linux but will also work on other distro’s which do not already configure LXC by default like Debian and Ubuntu, on those distro’s
LXC mostly will work out of the box.
LXC containers are virtual “containers” running any flavor of Linux, which you can use for many different purposes:
– You want to play around without breaking your main system
– You want to run a (web,SMB,FTP,etc) server inside a container
– You are developing inside a secure environment which needs specific configurations, you can use pre-made containers for this with pre-configured security measures
What you need:
– Linux
– Internet to install packages
– Coffee and a bit of patience
Like I said, under Debian and Ubuntu (inc distros based on), LXC will work out of the box after installing lxc and the lxc-templates.
Install LXC, LXC templates, iptables, arch-install-scripts and dnsmasq. Use your main package manager to install on non Arch based systems
On Arch Linux:
$ sudo pacman -S lxc iptables dnsmasq arch-install-scripts</code></pre>
# LXC templates are available through AUR, use pacaur or yay or any other AUR helper
$ pacaur -S lxc-templatesWhen everything is installed, create the file /etc/lxc/default.conf and add the following lines:
$ sudo touch /etc/lxc/default.conf
# Add the following
lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
lxc.apparmor.profile = generated
lxc.apparmor.allow_nesting = 1Create the file: /etc/default/lxc-net for our lxc network configuration
$ touch /etc/default/lxc-net
# Add the following to our newly created /etc/default/lxc-net file
USE_LXC_BRIDGE="true"
LXC_BRIDGE="lxcbr0"
LXC_ADDR="10.0.3.1"
LXC_NETMASK="255.255.255.0"
LXC_NETWORK="10.0.3.0/24"
LXC_DHCP_RANGE="10.0.3.2,10.0.3.254"
LXC_DHCP_MAC="253"Now create the following two files (subuid & subgid)
$ sudo touch /etc/sub{uid,gid}Add the following to the two files you just created (subuid & subgid), I’m using my own account (marc). Needed for mapping of users who are allowed to start the containers
$ sudo vi /etc/subuid
marc: 100000:65536
$ sudo vi /etc/subgid
marc: 100000:65536When creating an unprivileged container, the container will be created in $HOME/.local/share/lxc/
According to the only documentation, the way to achieve this is by entering the first command below within the host system. Furthermore, the default configuration template file is stored under .config/lxc, this directory needs to be created manually.
$ mkdir && chmod +x ~/.local/share/lxc/ -R
$ mkdir .config/lxcCreate the following file in your local config folder
$ touch .config/lxc/default.conf
# Add the following to it:
lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:16:3e:xx:xx:xx
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536Allow the user from the host system (e.g. marc) to access the lxc bridge allowing maximal 10 virtual Ethernet connections to the bridge in unprivileged mode, create /etc/lxc/lxc-usernet with the following content:
$ sudo vi /etc/lxc/lxc-usernet
marc veth lxcbr0 10Make sure the following services are enabled and running on boot (if you want to autostart lxc)
$ systemctl enable lxc
$ systemctl start lxc
$ systemctl enable lxc-net
$ systemctl start lxc-netNow let’s create an unprivileged container (privileged, use sudo), if you run in to issues, us the: -F flag to get more output and see what went wrong.
$ lxc-create -n debian -t download -- -d debian -r bookworm -a amd64
# Start the container
$ lxc-start debian
# Use the container
$ lxc-attach debian
# Check if networking is working
$ ping something.comIf all ok, you have a new playground and you can create many more.