Commit | Line | Data |
---|---|---|
14a198d5 MN |
1 | Please see the COPYING file for details on copying and usage. |
2 | Please refer to the INSTALL file for instructions on how to build. | |
7f989f01 | 3 | |
14a198d5 | 4 | What is lxc: |
7f989f01 | 5 | |
14a198d5 MN |
6 | The container technology is actively being pushed into the mainstream linux |
7 | kernel. It provides the resource management through the control groups aka | |
8 | process containers and resource isolation through the namespaces. | |
7f989f01 | 9 | |
e54d6cce | 10 | The linux containers, lxc, aims to use these new functionalities to pro- |
14a198d5 MN |
11 | vide an userspace container object which provides full resource isolation |
12 | and resource control for an applications or a system. | |
7f989f01 | 13 | |
14a198d5 MN |
14 | The first objective of this project is to make the life easier for the ker- |
15 | nel developers involved in the containers project and especially to con- | |
16 | tinue working on the Checkpoint/Restart new features. The lxc is small | |
17 | enough to easily manage a container with simple command lines and complete | |
18 | enough to be used for other purposes. | |
7f989f01 | 19 | |
14a198d5 | 20 | Using lxc: |
7f989f01 | 21 | |
14a198d5 | 22 | Refer the lxc* man pages (generated from doc/* files) |
7f989f01 | 23 | |
14a198d5 | 24 | Downloading the current source code: |
7f989f01 | 25 | |
14a198d5 MN |
26 | Source for the latest released version can always be downloaded from |
27 | http://lxc.sourceforge.net/download/lxc | |
5e97c3fc | 28 | |
14a198d5 MN |
29 | You can browse the up to the minute source code and change history online. |
30 | http://lxc.git.sourceforge.net | |
7f989f01 | 31 | |
e1483a02 SG |
32 | For an even more bleeding edge experience, you may want to look at the |
33 | staging branch where all changes aimed at the next release land before | |
34 | getting pulled into the master branch. | |
35 | http://github.com/lxc/lxc | |
36 | ||
14a198d5 MN |
37 | For detailed build instruction refer to INSTALL and man lxc man page |
38 | but a short command line should work: | |
113c39bf | 39 | ./autogen.sh && ./configure && make && sudo make install |
14a198d5 | 40 | preceded by ./autogen.sh if configure do not exist yet. |
7f989f01 | 41 | |
c5427d7d AW |
42 | Troubleshooting: |
43 | ||
44 | If the ./autogen.sh script shows the following message: "aclocal: not found", | |
45 | you are likely missing the "automake" package. Make sure it's installed and | |
46 | try again. | |
47 | ||
48 | If the ./configure script gives you the following message: | |
49 | "configure: error: Please install the libcap development files." | |
50 | you are likely missing the "libcap-dev" package. | |
51 | The configure script will usually give you hints as to what you are missing, | |
52 | looking for those in your package manager will usually give you the package | |
53 | that you need to install. | |
54 | ||
14a198d5 | 55 | Getting help: |
7f989f01 | 56 | |
14a198d5 MN |
57 | when you find you need help, you can check out one of the two |
58 | lxc mailing list archives and register if interested: | |
59 | https://lists.sourceforge.net/lists/listinfo/lxc-devel | |
60 | https://lists.sourceforge.net/lists/listinfo/lxc-users | |
7f989f01 | 61 | |
14a198d5 | 62 | Portability: |
7f989f01 | 63 | |
14a198d5 MN |
64 | lxc is still in development, so the command syntax and the API can |
65 | change. The version 1.0.0 will be the frozen version. | |
7f989f01 | 66 | |
14a198d5 MN |
67 | lxc is developed and tested on Linux since kernel mainline version 2.6.27 |
68 | (without network) and 2.6.29 with network isolation. | |
e1483a02 SG |
69 | It's compiled with gcc, and should work on most architectures as long as the |
70 | required kernel features are available. This includes (but isn't limited to): | |
71 | i686, x86_64, ppc, ppc64, S390, armel and armhf. | |
5e97c3fc | 72 | |
7f989f01 | 73 | AUTHOR |
74 | Daniel Lezcano <daniel.lezcano@free.fr> | |
8f2c3a70 SH |
75 | |
76 | Seccomp with LXC | |
77 | ---------------- | |
78 | ||
79 | To restrict a container with seccomp, you must specify a profile which is | |
80 | basically a whitelist of system calls it may execute. In the container | |
81 | config file, add a line like | |
82 | ||
83 | lxc.seccomp = /var/lib/lxc/q1/seccomp.full | |
84 | ||
85 | I created a usable (but basically worthless) seccomp.full file using | |
86 | ||
87 | cat > seccomp.full << EOF | |
88 | 1 | |
89 | whitelist | |
90 | EOF | |
91 | for i in `seq 0 300`; do | |
a02264fb | 92 | echo $i >> seccomp.full |
8f2c3a70 SH |
93 | done |
94 | for i in `seq 1024 1079`; do | |
14d9c0f0 | 95 | echo $i >> seccomp.full |
8f2c3a70 SH |
96 | done |
97 | ||
98 | -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 27 Jul 2012 15:47:02 +0600 |
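
An added example, not part of the lxc README or the project's code: a POSIX shell function that reads a version-1 profile in the layout shown above and reports how many syscall numbers it allows and in which ranges, so an overly broad whitelist such as seccomp.full is visible at a glance. The names `summarize_profile` and `write_readme_profile` are hypothetical, and the parsing assumes only the layout the README shows (version line, policy line, one number per line).

```shell
#!/bin/sh
# Added example: audit an LXC version-1 seccomp profile of the form shown in
# the README (line 1 "1", line 2 "whitelist", then one syscall number per line).

# summarize_profile FILE
# Prints "<count> <ranges>" for the allowed syscall numbers and returns 0;
# prints a diagnostic to stderr and returns 1 if the file is malformed.
summarize_profile() {
    awk '
        function fail(msg) { print "line " NR ": " msg > "/dev/stderr"; bad = 1 }
        NR == 1 { if ($0 != "1") { fail("expected version 1"); exit } next }
        NR == 2 { if ($0 != "whitelist") { fail("expected whitelist"); exit } next }
        /^[ \t]*$/ { next }
        !/^[0-9]+$/ { fail("not a syscall number: " $0); exit }
        { n = $0 + 0; seen[n] = 1; if (n > max) max = n }
        END {
            if (!bad && NR < 2) fail("missing header")
            if (bad) exit 1
            count = 0; out = ""; start = -1
            # Walk 0..max+1 and collapse consecutive numbers into ranges.
            for (i = 0; i <= max + 1; i++) {
                if (i in seen) { count++; if (start < 0) start = i }
                else if (start >= 0) {
                    r = (start == i - 1) ? start : start "-" (i - 1)
                    out = out (out == "" ? "" : ",") r
                    start = -1
                }
            }
            print count, out
        }
    ' "$1"
}

# write_readme_profile FILE: constructed sample, built the way the README does.
write_readme_profile() {
    printf '1\nwhitelist\n' > "$1"
    seq 0 300 >> "$1"
    seq 1024 1079 >> "$1"
}

demo=$(mktemp)
write_readme_profile "$demo"
summarize_profile "$demo"   # count and ranges of what the profile allows
rm -f "$demo"
```

A profile whose summary is one or two wide contiguous ranges, like the sample, restricts very little; a useful whitelist shows up as a short list of individual numbers.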