| Commit | Line | Data |
|---|---|---|
| 14a198d5 MN | 1 | Please see the COPYING file for details on copying and usage. |
| | 2 | Please refer to the INSTALL file for instructions on how to build. |
| 7f989f01 | 3 | |
| 14a198d5 | 4 | What is lxc: |
| 7f989f01 | 5 | |
| 14a198d5 MN | 6 | The container technology is actively being pushed into the mainstream linux |
| | 7 | kernel. It provides the resource management through the control groups aka |
| | 8 | process containers and resource isolation through the namespaces. |
| 7f989f01 | 9 | |
| e54d6cce | 10 | The linux containers, lxc, aims to use these new functionalities to pro- |
| 14a198d5 MN | 11 | vide an userspace container object which provides full resource isolation |
| | 12 | and resource control for an applications or a system. |
| 7f989f01 | 13 | |
| 14a198d5 MN | 14 | The first objective of this project is to make the life easier for the ker- |
| | 15 | nel developers involved in the containers project and especially to con- |
| | 16 | tinue working on the Checkpoint/Restart new features. The lxc is small |
| | 17 | enough to easily manage a container with simple command lines and complete |
| | 18 | enough to be used for other purposes. |
| 7f989f01 | 19 | |
| 14a198d5 | 20 | Using lxc: |
| 7f989f01 | 21 | |
| 14a198d5 | 22 | Refer the lxc* man pages (generated from doc/* files) |
| 7f989f01 | 23 | |
| 14a198d5 | 24 | Downloading the current source code: |
| 7f989f01 | 25 | |
| 14a198d5 | 26 | Source for the latest released version can always be downloaded from |
| 07520b2a | 27 | http://linuxcontainers.org/downloads/ |
| 5e97c3fc | 28 | |
| 14a198d5 | 29 | You can browse the up to the minute source code and change history online. |
| e1483a02 SG | 30 | http://github.com/lxc/lxc |
| | 31 | |
| 14a198d5 MN | 32 | For detailed build instruction refer to INSTALL and man lxc man page |
| | 33 | but a short command line should work: |
| 113c39bf | 34 | ./autogen.sh && ./configure && make && sudo make install |
| 14a198d5 | 35 | preceded by ./autogen.sh if configure do not exist yet. |
| 7f989f01 | 36 | |
| c5427d7d AW | 37 | Troubleshooting: |
| | 38 | |
| 385e8e8c SG | 39 | If you get an error message at the autogen.sh or configure stage, make |
| | 40 | sure you have, autoconf, automake, pkg-config, make and gcc installed on |
| | 41 | your machine. |
| c5427d7d | 42 | |
| c5427d7d AW | 43 | The configure script will usually give you hints as to what you are missing, |
| | 44 | looking for those in your package manager will usually give you the package |
| | 45 | that you need to install. |
| | 46 | |
| 385e8e8c SG | 47 | Also pay a close attention to the feature summary showed at the end of |
| | 48 | the configure run, features are automatically enabled/disabled based on |
| | 49 | whether the needed development packages are installed on your machine. |
| | 50 | If you want a feature but don't know what to install, force it with |
| | 51 | --enable-<feature> and look at the error message from configure. |
| | 52 | |
| 14a198d5 | 53 | Getting help: |
| 7f989f01 | 54 | |
| 14a198d5 MN | 55 | when you find you need help, you can check out one of the two |
| | 56 | lxc mailing list archives and register if interested: |
| 4ed0b622 SG | 57 | http://lists.linuxcontainers.org/listinfo/lxc-devel |
| | 58 | http://lists.linuxcontainers.org/listinfo/lxc-users |
| 7f989f01 | 59 | |
| 14a198d5 | 60 | Portability: |
| 7f989f01 | 61 | |
| 14a198d5 MN | 62 | lxc is still in development, so the command syntax and the API can |
| | 63 | change. The version 1.0.0 will be the frozen version. |
| 7f989f01 | 64 | |
| 14a198d5 MN | 65 | lxc is developed and tested on Linux since kernel mainline version 2.6.27 |
| | 66 | (without network) and 2.6.29 with network isolation. |
| e1483a02 SG | 67 | It's compiled with gcc, and should work on most architectures as long as the |
| | 68 | required kernel features are available. This includes (but isn't limited to): |
| | 69 | i686, x86_64, ppc, ppc64, S390, armel and armhf. |
| 5e97c3fc | 70 | |
| 7f989f01 | 71 | AUTHOR |
| | 72 | Daniel Lezcano <daniel.lezcano@free.fr> |
| 8f2c3a70 SH | 73 | |
| | 74 | Seccomp with LXC |
| | 75 | ---------------- |
| | 76 | |
| | 77 | To restrict a container with seccomp, you must specify a profile which is |
| | 78 | basically a whitelist of system calls it may execute. In the container |
| | 79 | config file, add a line like |
| | 80 | |
| | 81 | lxc.seccomp = /var/lib/lxc/q1/seccomp.full |
| | 82 | |
| | 83 | I created a usable (but basically worthless) seccomp.full file using |
| | 84 | |
| | 85 | cat > seccomp.full << EOF |
| | 86 | 1 |
| | 87 | whitelist |
| | 88 | EOF |
| | 89 | for i in `seq 0 300`; do |
| a02264fb | 90 | echo $i >> seccomp.full |
| 8f2c3a70 SH | 91 | done |
| | 92 | for i in `seq 1024 1079`; do |
| 14d9c0f0 | 93 | echo $i >> seccomp.full |
| 8f2c3a70 SH | 94 | done |
| | 95 | |
| | 96 | -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 27 Jul 2012 15:47:02 +0600 |
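
Added example (not part of the LXC README or the project's code): a small linter for the profile format shown in the seccomp section, assuming only what the page shows (line 1 is `1`, line 2 is `whitelist`, then one syscall number per line). It makes visible why the author calls the generated seccomp.full basically worthless: the file allows one unbroken run of 301 syscall numbers. The names `lint_seccomp_v1` and `make_page_profile` and the `MAX_RUN` threshold of 32 are assumptions made for this example.

```shell
#!/bin/sh
# Added example: lint a version-1 LXC seccomp profile in the format shown on
# this page (line 1 "1", line 2 "whitelist", then one syscall number per line).
# The function names and MAX_RUN are made up for this example.
MAX_RUN=${MAX_RUN:-32}  # assumed threshold: a longer consecutive run is a blanket allow

# Prints one summary line. Returns 0 = clean, 1 = warnings, 2 = malformed header.
lint_seccomp_v1() {
    awk -v max_run="$MAX_RUN" '
        NR == 1 { if ($0 != "1") bad = "version line is not 1"; next }
        NR == 2 { if ($0 != "whitelist" && !bad) bad = "policy line is not whitelist"; next }
        /^[ \t]*$/  { next }               # skip blank lines
        !/^[0-9]+$/ { invalid++; next }    # entries must be bare syscall numbers
        {
            v = $0 + 0                     # normalise, so 007 and 7 are the same entry
            if (v in seen) { dup++; next }
            seen[v] = 1
            n++
        }
        END {
            if (NR < 2 && !bad) bad = "missing header"
            if (bad) { print "malformed: " bad; exit 2 }
            # Longest run of consecutive numbers: start at each entry whose
            # predecessor is absent and count upwards.
            for (k in seen) {
                if ((k - 1) in seen) continue
                len = 0
                for (j = k + 0; (j in seen); j++) len++
                if (len > run) { run = len; start = k + 0 }
            }
            printf "allowed=%d invalid=%d duplicates=%d longest_run=%d@%d\n", n, invalid, dup, run, start
            exit (invalid || dup || run > max_run) ? 1 : 0
        }
    ' "$1"
}

# Rebuilds the profile from the page (syscalls 0-300 and 1024-1079).
make_page_profile() {
    printf '1\nwhitelist\n' > "$1"
    seq 0 300 >> "$1"
    seq 1024 1079 >> "$1"
}

tmp=$(mktemp -d)
make_page_profile "$tmp/seccomp.full"
lint_seccomp_v1 "$tmp/seccomp.full" || echo "lint exit status: $?"
rm -rf "$tmp"
```

Run against a profile before pointing `lxc.seccomp` at it; a status of 1 with a large `longest_run` means the whitelist was generated from a numeric range rather than from the calls the workload needs.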