mirror of
https://git.proxmox.com/git/mirror_lxc
synced 2025-07-13 16:29:51 +00:00
70bb1a9ca7
Signed-off-by: Lars Wikberg <lars.wikberg@anvia.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>
97 lines
3.5 KiB
Plaintext
97 lines
3.5 KiB
Plaintext
Please see the COPYING file for details on copying and usage.
|
|
Please refer to the INSTALL file for instructions on how to build.
|
|
|
|
What is lxc:
|
|
|
|
The container technology is actively being pushed into the mainstream linux
|
|
kernel. It provides the resource management through the control groups aka
|
|
process containers and resource isolation through the namespaces.
|
|
|
|
The linux containers, lxc, aims to use these new functionalities to pro-
|
|
vide a userspace container object which provides full resource isolation
|
|
and resource control for an applications or a system.
|
|
|
|
The first objective of this project is to make the life easier for the ker-
|
|
nel developers involved in the containers project and especially to con-
|
|
tinue working on the Checkpoint/Restart new features. The lxc is small
|
|
enough to easily manage a container with simple command lines and complete
|
|
enough to be used for other purposes.
|
|
|
|
Using lxc:
|
|
|
|
Refer the lxc* man pages (generated from doc/* files)
|
|
|
|
Downloading the current source code:
|
|
|
|
Source for the latest released version can always be downloaded from
|
|
http://linuxcontainers.org/downloads/
|
|
|
|
You can browse the up to the minute source code and change history online.
|
|
http://github.com/lxc/lxc
|
|
|
|
For detailed build instruction refer to INSTALL and man lxc man page
|
|
but a short command line should work:
|
|
./autogen.sh && ./configure && make && sudo make install
|
|
preceded by ./autogen.sh if configure do not exist yet.
|
|
|
|
Troubleshooting:
|
|
|
|
If you get an error message at the autogen.sh or configure stage, make
|
|
sure you have, autoconf, automake, pkg-config, make and gcc installed on
|
|
your machine.
|
|
|
|
The configure script will usually give you hints as to what you are missing,
|
|
looking for those in your package manager will usually give you the package
|
|
that you need to install.
|
|
|
|
Also pay a close attention to the feature summary showed at the end of
|
|
the configure run, features are automatically enabled/disabled based on
|
|
whether the needed development packages are installed on your machine.
|
|
If you want a feature but don't know what to install, force it with
|
|
--enable-<feature> and look at the error message from configure.
|
|
|
|
Getting help:
|
|
|
|
when you find you need help, you can check out one of the two
|
|
lxc mailing list archives and register if interested:
|
|
http://lists.linuxcontainers.org/listinfo/lxc-devel
|
|
http://lists.linuxcontainers.org/listinfo/lxc-users
|
|
|
|
Portability:
|
|
|
|
lxc is still in development, so the command syntax and the API can
|
|
change. The version 1.0.0 will be the frozen version.
|
|
|
|
lxc is developed and tested on Linux since kernel mainline version 2.6.27
|
|
(without network) and 2.6.29 with network isolation.
|
|
It's compiled with gcc, and should work on most architectures as long as the
|
|
required kernel features are available. This includes (but isn't limited to):
|
|
i686, x86_64, ppc, ppc64, S390, armel and armhf.
|
|
|
|
AUTHOR
|
|
Daniel Lezcano <daniel.lezcano@free.fr>
|
|
|
|
Seccomp with LXC
|
|
----------------
|
|
|
|
To restrict a container with seccomp, you must specify a profile which is
|
|
basically a whitelist of system calls it may execute. In the container
|
|
config file, add a line like
|
|
|
|
lxc.seccomp = /var/lib/lxc/q1/seccomp.full
|
|
|
|
I created a usable (but basically worthless) seccomp.full file using
|
|
|
|
cat > seccomp.full << EOF
|
|
1
|
|
whitelist
|
|
EOF
|
|
for i in `seq 0 300`; do
|
|
echo $i >> seccomp.full
|
|
done
|
|
for i in `seq 1024 1079`; do
|
|
echo $i >> seccomp.full
|
|
done
|
|
|
|
-- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 27 Jul 2012 15:47:02 +0600
|