From Fedora Project Wiki

LXC (Linux Containers) is an operating system–level virtualization method for running multiple isolated Linux systems (containers) on a single control host.

Getting started

Installation

# dnf install lxc lxc-templates

If you want to create your own container images, additional tools such as debootstrap (for building Debian/Ubuntu-based containers) might be required.

Networking

If the containers should have network access, the easiest option is to attach them to a network bridge provided by the host system. This bridge can be managed outside LXC, e.g. via systemd-networkd or libvirt, or from within LXC with the help of the lxc-net script.

lxc-net

LXC can be set up to manage its own network bridge, with a DHCP server providing host-local network addresses to the containers, which can communicate with external network hosts through NAT. DNS and DHCP services are provided via a managed dnsmasq instance.

1. Make sure dnsmasq is installed:

# dnf install dnsmasq

2. Enable the LXC bridge by setting the following variable in /etc/sysconfig/lxc:

USE_LXC_BRIDGE="true"

3. Optionally you can further customize the bridge network and dnsmasq configuration by redefining the following variables in /etc/sysconfig/lxc-net. This file must be created as it doesn't exist by default. The list below shows the default values defined in /usr/libexec/lxc/lxc-net:

 LXC_BRIDGE="lxcbr0"
 LXC_BRIDGE_MAC="00:16:3e:00:00:00"
 LXC_ADDR="10.0.3.1"
 LXC_NETMASK="255.255.255.0"
 LXC_NETWORK="10.0.3.0/24"
 LXC_DHCP_RANGE="10.0.3.2,10.0.3.254"
 LXC_DHCP_MAX="253"
 LXC_DHCP_CONFILE=""
 LXC_DHCP_PING="true"
 LXC_DOMAIN=""
 LXC_IPV6_ADDR=""
 LXC_IPV6_MASK=""
 LXC_IPV6_NETWORK=""
 LXC_IPV6_NAT="false"

4. The bridge and dnsmasq instance are managed via lxc-net.service. To create and persist the bridge, run:

# systemctl enable --now lxc-net.service
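
The variables in step 3 describe the same IPv4 network several times (bridge address, netmask, CIDR network, DHCP range), so a partial override in /etc/sysconfig/lxc-net can leave them inconsistent. The check below is an added example, not part of this wiki page or of LXC; the function names ip2int and lxc_net_check are hypothetical, and it assumes the override file contains only shell variable assignments like those listed above.

```sh
# Added example (not from the wiki page): sanity-check lxc-net IPv4 overrides.

# Convert a dotted-quad IPv4 address to an integer; fail on malformed input.
ip2int() {
    old_ifs=$IFS; IFS=.; set -f; set -- $1; set +f; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Check the effective settings: the page's defaults, overridden by file $1.
# Assumption: the file holds plain shell assignments like those on the page.
# Sourcing executes it, so only check a root-owned file. Runs in a subshell
# so the sourced variables do not leak into the calling shell.
lxc_net_check() (
    LXC_ADDR="10.0.3.1" LXC_NETMASK="255.255.255.0"
    LXC_NETWORK="10.0.3.0/24" LXC_DHCP_RANGE="10.0.3.2,10.0.3.254"
    [ ! -f "$1" ] || . "$1"

    prefix=${LXC_NETWORK#*/}
    case $prefix in ''|*[!0-9]*|0*|???*) echo "FAIL: bad prefix in LXC_NETWORK"; exit 1 ;; esac
    [ "$prefix" -le 30 ] || { echo "FAIL: prefix leaves no room for a DHCP range"; exit 1; }
    mask=$(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))

    net=$(ip2int "${LXC_NETWORK%/*}") && addr=$(ip2int "$LXC_ADDR") &&
        nm=$(ip2int "$LXC_NETMASK") &&
        lo=$(ip2int "${LXC_DHCP_RANGE%,*}") &&
        hi=$(ip2int "${LXC_DHCP_RANGE#*,}") ||
        { echo "FAIL: malformed IPv4 value"; exit 1; }

    rc=0
    fail() { echo "FAIL: $1"; rc=1; }
    [ "$nm" -eq "$mask" ] || fail "LXC_NETMASK does not match /$prefix"
    [ $(( net & mask )) -eq "$net" ] || fail "LXC_NETWORK has host bits set"
    [ $(( addr & mask )) -eq "$net" ] || fail "LXC_ADDR is outside LXC_NETWORK"
    [ $(( lo & mask )) -eq "$net" ] && [ $(( hi & mask )) -eq "$net" ] ||
        fail "LXC_DHCP_RANGE is outside LXC_NETWORK"
    [ "$lo" -le "$hi" ] || fail "LXC_DHCP_RANGE start is above its end"
    [ "$addr" -lt "$lo" ] || [ "$addr" -gt "$hi" ] ||
        fail "LXC_DHCP_RANGE includes the bridge address LXC_ADDR"
    exit "$rc"
)
```

Run it as `lxc_net_check /etc/sysconfig/lxc-net` before restarting lxc-net.service; it returns non-zero and prints one FAIL line per inconsistency.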

Use custom network bridge

If you want to use a network bridge managed independently or if you changed the bridge name in LXC_BRIDGE above, make sure to set the appropriate bridge name in /etc/lxc/default.conf.

For example, when using the default bridge managed by libvirt, you must change it to:

   lxc.network.type = veth
   lxc.network.link = virbr0
   lxc.network.flags = up
   lxc.network.hwaddr = 00:16:3e:xx:xx:xx

SELinux

SELinux currently prevents LXC from starting containers; the issue has been reported at #1227071.

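A possible workaround is to set SELinux to permissive mode, in which policy violations are logged but no longer blocked, for the whole host and not only for LXC.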

Create a container

   # lxc-create -n container1 -t ubuntu -- -r xenial
   # lxc-start -n container1
   # lxc-attach -n container1