This has a similar layout to nixCraft’s

Introduction

I won’t explain what lxc. For that, go read its Wikipedia page or its homepage.

I will say one thing though: the online documentation available on their website is terrible. The getting started guide is only for the latest version. The man pages and online QA or forums were my best bet to get this working.

Installation

First, install the required packages:

sudo zypper install lxc pam_cgfs

That should pull in lxcfs.

Note: I’m using lxc-2.0.9-lp150.2.6.1.x86_64 and pam_cgfs-2.0.8-lp150.1.9.x86_64

Configuration

Check if your kernel has lxc-support with lxc-checkconfig.

Setup permissions

Enable the PAM module by adding it to /etc/pam.d/common-session-pc(1)[pam] :

session optional    pam_cgfs.so -c freezer,memory,name=systemd

This is needed to access the cgroups hierarchy in /sys/fs/cgroup(2).
Make sure to logout and login for the change to take effect.

Add subuids and subgids to your user either by using usermod -v <first-uid>-<last-uid> -w <first-gid>-<last-gid> <user>, or by editing the /etc/subuid and /etc/subgid files manually. Reserve at least 65536 ids just to be safe. Going too low can lead to problems with defaults UID allocations.

For some reason you need to make ~/.local executable. So do that:

chmod o+x ~/.local

Network

If you plan on using the network, create the file /etc/default/lxc-net and fill it with the default configuration (on Debian) as follows:

USE_LXC_BRIDGE="true"
LXC_BRIDGE="lxcbr0"
LXC_ADDR="10.0.3.1"
LXC_NETMASK="255.255.255.0"
LXC_NETWORK="10.0.3.0/24"
LXC_DHCP_RANGE="10.0.3.2,10.0.3.254"
LXC_DHCP_MAX="253"
LXC_DHCP_CONFILE=""
LXC_DOMAIN=""

Then enable and start the lxc-net systemd service.
This will create the bridge interface named lxbr0. You can check it exists with brctl.

Also, set the setuid bit on lxc-user-nic[setuid bit].
That’s needed for creating new network devices[stgraber].

chmod u+s /usr/lib/lxc/lxc-user-nic

lxc-user-nic depends on the /etc/lxc/lxc-usernet configuration file to limit the number of interfaces created. So create it with the following contents:

<user> veth lxcbr0 <number-of-interfaces>

Container configuration

Now, create the lxc configuration file:

  • Copy /etc/lxc/default.conf to ~/.config/lxc/default.conf
  • Append the two following lines.
    lxc.id_map = u 0 <first-uid> <count>
    lxc.id_map = g 0 <first-gid> <count>
    

    The last two numbers should mirror the contents of /etc/sub{uid,gid}, they are the uid and gid mappings.
    This is the default configuration for all your containers.

Each container you create will have its own configuration in ~/.local/share/lxc/<name>/config.

For network, you want to specify the followinf options in either the default or container configuration:

## Network configuration
lxc.network.type = veth
lxc.network.link = lxcbr0

Creation

Create you new container with:

lxc-create -t download -n my-container

And start it:

lxc-start -n my-container -d

Notes:

(1): I’m not sure if it has to be this file.
(2): I’m unsure about that statement.

Ressources used

Man pages:

  • lxc-user-nic
  • lxc-usernet
  • lxc.container.conf
  • subuid / subgid