From Fedora Project Wiki

LXC (Linux Containers) is an operating system–level virtualization method for running multiple isolated Linux systems (containers) on a single control host.

Official project website: https://linuxcontainers.org/lxc


Getting started

Installation

# dnf install lxc lxc-templates

If you want to create your own container images additional tools such as Package-x-generic-16.pngdebootstrap for building Debian/Ubuntu-based containers might be required.

Networking

If the containers should have network access, the easiest option is to attach them to a network bridge provided by the host system. This bridge can be managed outside LXC e.g. via systemd-networkd or Package-x-generic-16.pnglibvirt or from within LXC with help of the lxc-net script.

lxc-net

LXC can be setup to manage its own network bridge with a DHCP server providing host-local network addresses to the containers which can communicate with external network hosts through NAT. DNS and DHCP services are provided via managed Package-x-generic-16.pngdnsmasq instance.

1. Make sure dnsmasq is installed:

# dnf install dnsmasq

2. Enable LXC bridge by setting the following variable in /etc/sysconfig/lxc:

USE_LXC_BRIDGE="true"

3. Optionally you can further customize the bridge network and dnsmasq configuration by redefining the following variables in /etc/sysconfig/lxc-net. This file must be created as it doesn't exist by default. The list below shows the default values defined in /usr/libexec/lxc/lxc-net:

 LXC_BRIDGE="lxcbr0"
 LXC_BRIDGE_MAC="00:16:3e:00:00:00"
 LXC_ADDR="10.0.3.1"
 LXC_NETMASK="255.255.255.0"
 LXC_NETWORK="10.0.3.0/24"
 LXC_DHCP_RANGE="10.0.3.2,10.0.3.254"
 LXC_DHCP_MAX="253"
 LXC_DHCP_CONFILE=""
 LXC_DHCP_PING="true"
 LXC_DOMAIN=""
 LXC_IPV6_ADDR=""
 LXC_IPV6_MASK=""
 LXC_IPV6_NETWORK=""
 LXC_IPV6_NAT="false"

4. The bridge and dnsmasq instance are managed via lxc-net.service. To create and persist the bridge, run:

# systemctl enable --now lxc-net.service

Use custom network bridge

If you want to use a network bridge managed independently or if you changed the bridge name in LXC_BRIDGE above, make sure to set the appropriate bridge name in /etc/lxc/default.conf.

For example when using the default bridge manged by libvirt, you must change it to:

   lxc.network.type = veth
   lxc.network.link = virbr0
   lxc.network.flags = up
   lxc.network.hwaddr = 00:16:3e:xx:xx:xx

SELinux

SELinux currently prevents lxc to start containers, the issue has been reported at #1227071

A possible workaround is to set SELinux to permissive mode.

Create a container

   # lxc-create -n container1 -t ubuntu -- -r xenial
   # lxc-start -n container1
   # lxc-attach -n container1