= lxc = Linux Containers * [[https://linuxcontainers.org/lxc/introduction/]] * [[http://www.cyberciti.biz/faq/how-to-create-unprivileged-linux-containers-on-ubuntu-linux/]] * [[http://en.wikipedia.org/wiki/LXC]] LXC (Linux Containers) is an operating system–level virtualization method for running multiple isolated Linux systems (containers) on a single control host. LXC provides operating system-level virtualization through a virtual environment that has its own process and network space, instead of creating a full-fledged virtual machine. == Ubuntu precise i386 container on Slackware 14.2 == {{{#!highlight bash lxc-create -t download -n containerx -- -d ubuntu -r precise -a i386 #Setting up the GPG keyring #Downloading the image index #Downloading the rootfs #Downloading the metadata #The image cache is now ready #Unpacking the rootfs # #--- #You just created an Ubuntu container (release=precise, arch=i386, variant=default) # #To enable sshd, run: apt-get install openssh-server # #For security reason, container images ship without user accounts #and without a root password. # #Use lxc-attach or chroot directly into the rootfs to set a root password #or create user accounts. 
# start a container lxc-start -n containerx -d # list containers lxc-ls --fancy # spawn a new shell running inside an existing container lxc-attach -n containerx # session in containerx cat /etc/os-release #NAME="Ubuntu" #VERSION="12.04.5 LTS, Precise Pangolin" #ID=ubuntu #ID_LIKE=debian #PRETTY_NAME="Ubuntu precise (12.04.5 LTS)" #VERSION_ID="12.04" # run several commands in the container lxc-attach -n containerx -- sh -c 'TESTFILE=/tmp/asd;cat $TESTFILE; echo $TESTFILE' lxc-attach -n containerx -- sh -c 'cat /etc/os-release; dpkg -l;' # containers are stored under /var/lib/lxc/ }}} == Containers in Slackware64 15.0 == * https://linuxcontainers.org/lxc/manpages/man5/lxc.container.conf.5.html * https://docs.slackware.com/howtos:misc:lxc {{{#!highlight bash su # list available templates and distros lxc-create -t download -n NAME #Setting up the GPG keyring #Downloading the image index # #--- #DIST RELEASE ARCH VARIANT BUILD #--- #almalinux 8 amd64 default 20220224_23:09 #almalinux 8 arm64 default 20220224_23:09 #alpine 3.12 amd64 default 20220225_13:00 #alpine 3.12 arm64 default 20220225_13:01 #alpine 3.12 armhf default 20220225_13:00 #alpine 3.12 i386 default 20220225_13:01 # press ctrl+c to exit lxc-create -t download -n containery -- -d ubuntu -r bionic -a i386 lxc-start -n containery -d lxc-ls --fancy lxc-attach -n containery # in the container lsb_release -a }}} === /etc/cgconfig.conf === {{{ group qwerty { perm { task { uid = vitor; gid = users; } admin { uid = vitor; gid = users; } } cpuset { cgroup.clone_children = 1; cpuset.mems = 0; } cpu {} cpuacct {} blkio {} memory { memory.use_hierarchy = 1; } devices {} freezer {} net_cls {} perf_event {} net_prio {} pids {} } }}} === /etc/cgrules.conf === {{{ vitor * qwerty/ }}} === /etc/subgid === {{{ vitor:100000:65537 }}} === /etc/subuid === {{{ vitor:100000:65537 }}} === /etc/default/lxc-net === {{{#!highlight bash USE_LXC_BRIDGE="true" }}} === /etc/lxc/default.conf === {{{ lxc.net.0.type = empty }}} === 
~/.config/lxc/default.conf === {{{ lxc.idmap = u 0 100000 65536 lxc.idmap = g 0 100000 65536 lxc.net.0.type = veth lxc.net.0.flags = up lxc.net.0.link = lxcbr0 }}} === /etc/rc.d/rc.inet1.conf === {{{#!highlight bash USE_DHCP[0]="yes" }}} === /etc/rc.d/rc.local === {{{#!highlight bash echo 1 > /proc/sys/net/ipv4/ip_forward /sbin/brctl addbr lxcbr0 /sbin/brctl setfd lxcbr0 0 /sbin/ifconfig lxcbr0 192.168.100.1 netmask 255.255.255.0 promisc up #/usr/sbin/iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE /usr/sbin/iptables -t nat -A POSTROUTING -o wlan1 -j MASQUERADE /usr/libexec/lxc/lxc-net start }}} === Test steps === {{{#!highlight bash lxc-create -t download -n containery -- -d alpine -r 3.16 -a i386 lxc-start -n containery -d lxc-ls --fancy lxc-attach -n containery # commands inside container ping 8.8.8.8 exit # show containers filesystems locations lxc-config lxc.lxcpath /home/vitor/.local/share/lxc # lxc-stop containery lxc-destroy containery }}} === setup_ssh_container.sh === This script is only suitable for a throwaway test container: it sets a fixed root password that is written in the script itself and turns on root login with password authentication, so anything that can reach the container's SSH port can log in as root inside it. For a container that is kept, put a public key in /root/.ssh/authorized_keys and set 'PermitRootLogin prohibit-password' and 'PasswordAuthentication no' instead. Because sshd uses the first value it reads for each keyword, the lines appended to /etc/ssh/sshd_config only take effect if the shipped file does not already set those keywords uncommented; check the result with 'sshd -T'. {{{#!highlight bash CONTAINER=ssh-container lxc-stop $CONTAINER lxc-destroy $CONTAINER lxc-create -t download -n $CONTAINER -- -d alpine -r 3.16 -a i386 lxc-execute -n $CONTAINER -- ash -c "echo 'assd' > /t1.txt" lxc-start -n $CONTAINER -d lxc-attach -n $CONTAINER -- ash -c "/sbin/apk update" lxc-attach -n $CONTAINER -- ash -c "/sbin/apk add --update curl wget nano vim shadow openssh" lxc-attach -n $CONTAINER -- ash -c "mkdir /app" lxc-attach -n $CONTAINER -- ash -c "echo 'root:screencast' | /usr/sbin/chpasswd" lxc-attach -n $CONTAINER -- ash -c "echo 'PasswordAuthentication yes' >> /etc/ssh/sshd_config" lxc-attach -n $CONTAINER -- ash -c "echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config" lxc-attach -n $CONTAINER -- ash -c "/sbin/rc-update add sshd" lxc-attach -n $CONTAINER -- ash -c "/sbin/service sshd start" sleep 5 lxc-ls --fancy | grep $CONTAINER }}}