Linux Containers (LXC)

For security purposes as well as redundancy concerns, most of the services I run are run using the Linux Container technique.

About Linux Containers

Linux containers (abbr. LXC) are a lightweight virtualization technology which shares the host kernel so as to minimize the amount of virtualization required.


apt-get install lxc

Setup the virtual network on the host

In order to run multiple LXC containers on a manageable network, I recommend using a bridged network interface not attached to any physical interface. You can then route traffic as you wish.

auto br0
iface br0 inet static
        address 10.10.x.1
        network 10.10.x.0
        broadcast 10.10.x.255
        pre-up brctl addbr br0
iface br0 inet6 static
        address 2001:aaaa:aaaa:aaaa::1
        netmask 64

You then will need to change the LXC bridged interface configuration in /etc/default/lxc-net where it states


from "true" to "false". Lastly, in /etc/default/lxc set LXC_AUTO to "true" if it is not already. (This allows the containers to auto-start on system boot.)

Creating Containers

Prior to creating a container, one might wish to have the /var/lib/lxc (where all the containers will exist) and /var/cache/lxc (where the OS installation files will be downloaded to) directories mounted on external media or a separate partition. However, for a development system this is not needed.

  1. lxc-create -t ubuntu -n name -- -r trusty -a amd64
  2. Now that it's created, start the container with lxc-start -n name -d (the -d flag starts the container in the background)
  3. You can now connect to the container via ssh:
    1. ssh ubuntu@ip.ad.dr.ess
    2. password: ubuntu

Container Configuration

An example configuration for a container named "dns" is shown below. This file would be /var/lib/lxc/dns/config

# Template used to create this container: /usr/share/lxc/templates/lxc-ubuntu
# Parameters passed to the template: -r trusty -a amd64
# For additional config options, please look at lxc.container.conf(5)
# Common configuration
lxc.include = /usr/share/lxc/config/ubuntu.common.conf
# Container specific configuration
lxc.rootfs = /var/lib/lxc/dns/rootfs
lxc.mount = /var/lib/lxc/dns/fstab
lxc.utsname = dns
lxc.arch = amd64
# Network configuration
lxc.network.type = veth
lxc.network.hwaddr = 00:16:3e:d9:23:05
lxc.network.flags = up
lxc.network.link = br0
lxc.start.auto = 1
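
A check that can be run over every container config like the one above, as an added example that is not part of the original page: it flags containers whose lxc.network.link is not the expected bridge, whose lxc.rootfs is not inside the container's own directory, or whose lxc.network.hwaddr repeats, all of which are typical leftovers after copying a container directory. The function names and the demo containers are constructed for illustration, and the script assumes the legacy key names and plain-path lxc.rootfs form shown above.

```shell
# Added example, not from the original page. Assumes the legacy key names and
# the plain-path lxc.rootfs form used in the config above.

# lxc_get FILE KEY: print the last value assigned to KEY ("key = value" lines).
lxc_get() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        { split($0, kv, "="); key = kv[1]; gsub(/[ \t]/, "", key) }
        key == k { v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v) }
        END { print v }' "$1"
}

# lxc_audit LXCPATH BRIDGE: print one finding per line; return 1 if any.
lxc_audit() {
    found=0; macs=""
    for cfg in "$1"/*/config; do
        [ -f "$cfg" ] || continue
        dir=$(dirname "$cfg"); name=$(basename "$dir")
        link=$(lxc_get "$cfg" lxc.network.link)
        rootfs=$(lxc_get "$cfg" lxc.rootfs)
        mac=$(lxc_get "$cfg" lxc.network.hwaddr | tr 'A-F' 'a-f')
        [ "$link" = "$2" ] || { echo "$name: link '${link:-unset}' is not bridge '$2'"; found=1; }
        # A copied config often still points at the source container's rootfs.
        [ "$rootfs" = "$dir/rootfs" ] || { echo "$name: rootfs '$rootfs' is not $dir/rootfs"; found=1; }
        case " $macs " in   # containers without hwaddr are stored as none-NAME
            *" ${mac:-none} "*) echo "$name: duplicate hwaddr $mac"; found=1 ;;
        esac
        macs="$macs ${mac:-none-$name}"
    done
    return "$found"
}

# Constructed sample: "web" was copied from "dns" and kept its rootfs and MAC;
# "old" is still attached to lxcbr0 instead of br0.
lxc_audit_demo() {
    d=$(mktemp -d)
    mk() {  # mk NAME ROOTFS_OWNER MAC LINK
        mkdir -p "$d/$1"
        printf 'lxc.rootfs = %s\nlxc.network.hwaddr = %s\nlxc.network.link = %s\n' \
            "$d/$2/rootfs" "$3" "$4" > "$d/$1/config"
    }
    mk dns dns 00:16:3e:d9:23:05 br0
    mk web dns 00:16:3E:D9:23:05 br0
    mk old old 00:16:3e:00:00:01 lxcbr0
    st=0; lxc_audit "$d" br0 || st=$?
    rm -rf "$d"; return "$st"
}

if [ "${1:-}" = "--demo" ]; then lxc_audit_demo; fi
```

On a real host the call would be lxc_audit /var/lib/lxc br0, using the container path and bridge name from this page.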

LXC Container Network Configuration

On the container, the network should be set to the following configuration in /etc/network/interfaces:

auto eth0
iface eth0 inet static
    dns-search example.com
iface eth0 inet6 static
    address 2001:aaaa:aaaa:aaaa::2
    netmask 64
    gateway 2001:aaaa:aaaa:aaaa::1

Command Cheatsheet

  • lxc-ls --fancy : Display the list of LXC containers and status information (running/ipv4 address/ipv6 address/autostart)
  • lxc-start -n name -d : Start the container in the background
  • lxc-stop -n name : Stop the specified container
  • lxc-destroy -n name : Destroy the container and delete all files about the container (requires a stopped container)