[mirror_lxc.git] / README.md

[![LXD](https://linuxcontainers.org/static/img/containers.png)](https://linuxcontainers.org/lxd)
# LXC

LXC is the well-known and heavily tested low-level Linux container runtime. It
is in active development since 2008 and has proven itself in critical
production environments world-wide. Some of its core contributors are the same
people that helped to implement various well-known containerization features
inside the Linux kernel.

## Status
Type            | Service               | Status
---             | ---                   | ---
CI (Linux)      | Jenkins               | [![Build Status](https://jenkins.linuxcontainers.org/job/lxc-github-commit/badge/icon)](https://jenkins.linuxcontainers.org/job/lxc-github-commit/)
CI (Linux)      | Travis                | [![Build Status](https://travis-ci.org/lxc/lxc.svg?branch=master)](https://travis-ci.org/lxc/lxc/)
Project status  | CII Best Practices    | [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/1087/badge)](https://bestpractices.coreinfrastructure.org/projects/1087)
Code Quality    | LGTM                  | [![Language grade: C/C++](https://img.shields.io/lgtm/grade/cpp/g/lxc/lxc.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/lxc/lxc/context:cpp)
Static Analysis | Coverity              | <a href="https://scan.coverity.com/projects/lxc-linux-containers"> <img alt="Coverity Scan Build Status" src="https://img.shields.io/coverity/scan/369.svg"/> </a>

## System Containers

LXC's main focus is system containers. That is, containers which offer an
environment as close as possible as the one you'd get from a VM but without the
overhead that comes with running a separate kernel and simulating all the
hardware.

This is achieved through a combination of kernel security features such as
namespaces, mandatory access control and control groups.

## Unprivileged Containers

Unprivileged containers are containers that are run without any privilege. This
requires support for user namespaces in the kernel that the container is run
on. LXC was the first runtime to support unprivileged containers after user
namespaces were merged into the mainline kernel.

In essence, user namespaces isolate given sets of UIDs and GIDs. This is
achieved by establishing a mapping between a range of UIDs and GIDs on the host
to a different (unprivileged) range of UIDs and GIDs in the container. The
kernel will translate this mapping in such a way that inside the container all
UIDs and GIDs appear as you would expect from the host whereas on the host
these UIDs and GIDs are in fact unprivileged. For example, a process running as
UID and GID 0 inside the container might appear as UID and GID 100000 on the
host. The implementation and working details can be gathered from the
corresponding user namespace man page.

Since unprivileged containers are a security enhancement they naturally come
with a few restrictions enforced by the kernel. In order to provide a fully
functional unprivileged container LXC interacts with 3 pieces of setuid code:

- lxc-user-nic (setuid helper to create a veth pair and bridge it on the host)
- newuidmap (from the shadow package, sets up a uid map)
- newgidmap (from the shadow package, sets up a gid map)

Everything else is run as your own user or as a uid which your user owns.

In general, LXC's goal is to make use of every security feature available in
the kernel. This means LXC's configuration management will allow experienced
users to intricately tune LXC to their needs.

A more detailed introduction into LXC security can be found under the following link

- https://linuxcontainers.org/lxc/security/

### Removing all Privilege

In principle LXC can be run without any of these tools provided the correct
configuration is applied. However, the usefulness of such containers is usually
quite restricted. Just to highlight the two most common problems:

1. Network: Without relying on a setuid helper to setup appropriate network
   devices for an unprivileged user (see LXC's `lxc-user-nic` binary) the only
   option is to share the network namespace with the host. Although this should
   be secure in principle, sharing the host's network namespace is still one
   step of isolation less and increases the attack vector.
   Furthermore, when host and container share the same network namespace the
   kernel will refuse any sysfs mounts. This usually means that the init binary
   inside of the container will not be able to boot up correctly.

2. User Namespaces: As outlined above, user namespaces are a big security
   enhancement. However, without relying on privileged helpers users who are
   unprivileged on the host are only permitted to map their own UID into
   a container. A standard POSIX system however, requires 65536 UIDs and GIDs
   to be available to guarantee full functionality.

## Configuration

LXC is configured via a simple set of keys. For example,

- `lxc.rootfs.path`
- `lxc.mount.entry`

LXC namespaces configuration keys by using single dots. This means complex
configuration keys such as `lxc.net.0` expose various subkeys such as
`lxc.net.0.type`, `lxc.net.0.link`, `lxc.net.0.ipv6.address`, and others for
even more fine-grained configuration.

LXC is used as the default runtime for [LXD](https://github.com/lxc/lxd),
a container hypervisor exposing a well-designed and stable REST-api on top of
it.

## Kernel Requirements

LXC runs on any kernel from 2.6.32 onwards. All it requires is a functional
C compiler. LXC works on all architectures that provide the necessary kernel
features. This includes (but isn't limited to):

- i686
- x86_64
- ppc, ppc64, ppc64le
- s390x
- armvl7, arm64

LXC also supports at least the following C standard libraries:

- glibc
- musl
- bionic (Android's libc)

## Backwards Compatibility

LXC has always focused on strong backwards compatibility. In fact, the API
hasn't been broken from release `1.0.0` onwards. Main LXC is currently at
version `2.*.*`.

## Reporting Security Issues

The LXC project has a good reputation in handling security issues quickly and
efficiently. If you think you've found a potential security issue, please
report it by e-mail to all of the following persons:

- serge (at) hallyn (dot) com
- stgraber (at) ubuntu (dot) com
- christian.brauner (at) ubuntu (dot) com

For further details please have a look at

- https://linuxcontainers.org/lxc/security/

## Becoming Active in LXC development

We always welcome new contributors and are happy to provide guidance when
necessary. LXC follows the kernel coding conventions. This means we only
require that each commit includes a `Signed-off-by` line. The coding style we
use is identical to the one used by the Linux kernel. You can find a detailed
introduction at:

- https://www.kernel.org/doc/html/v4.10/process/coding-style.html

and should also take a look at the [CONTRIBUTING](CONTRIBUTING) file in this
repo.

If you want to become more active it is usually also a good idea to show up in
the LXC IRC channel `#lxc-dev` on `Freenode`. We try to do all development out
in the open and discussion of new features or bugs is done either in
appropriate GitHub issues or on IRC.

When thinking about making security critical contributions or substantial
changes it is usually a good idea to ping the developers first and ask whether
a PR would be accepted.

## Semantic Versioning

LXC and its related projects strictly adhere to a [semantic
versioning](http://semver.org/) scheme.

## Downloading the current source code

Source for the latest released version can always be downloaded from

- https://linuxcontainers.org/downloads/

You can browse the up to the minute source code and change history online

- https://github.com/lxc/lxc

## Building LXC

Without considering distribution specific details a simple

    ./autogen.sh && ./configure && make && sudo make install

is usually sufficient.

In order to test current git master of LXC it is usually a good idea to compile with

    ./autogen.sh && ./configure && make

in a convenient directory and set `LD_LIBRARY_PATH="${BUILD_DIR}"/lxc/src/lxc/.libs`.

## Getting help

When you find you need help, the LXC projects provides you with several options.

### Discuss Forum

We maintain an discuss forum at

- https://discuss.linuxcontainers.org/

where you can get support.

### IRC

You can find support by joining `#lxcontainers` on `Freenode`.

### Mailing Lists

You can check out one of the two LXC mailing list archives and register if
interested:

- http://lists.linuxcontainers.org/listinfo/lxc-devel
- http://lists.linuxcontainers.org/listinfo/lxc-users
Commit	Line	Data
ea033bbc	1	[![LXD](https://linuxcontainers.org/static/img/containers.png)](https://linuxcontainers.org/lxd)
dc46727f CB	2	# LXC
dc46727f CB	3
dc46727f CB	4	LXC is the well-known and heavily tested low-level Linux container runtime. It
	5	is in active development since 2008 and has proven itself in critical
	6	production environments world-wide. Some of its core contributors are the same
	7	people that helped to implement various well-known containerization features
	8	inside the Linux kernel.
	9
ea033bbc CB	10	## Status
	11	Type \| Service \| Status
	12	--- \| --- \| ---
	13	CI (Linux) \| Jenkins \| [![Build Status](https://jenkins.linuxcontainers.org/job/lxc-github-commit/badge/icon)](https://jenkins.linuxcontainers.org/job/lxc-github-commit/)
	14	CI (Linux) \| Travis \| [![Build Status](https://travis-ci.org/lxc/lxc.svg?branch=master)](https://travis-ci.org/lxc/lxc/)
	15	Project status \| CII Best Practices \| [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/1087/badge)](https://bestpractices.coreinfrastructure.org/projects/1087)
a62cf72a	16	Code Quality \| LGTM \| [![Language grade: C/C++](https://img.shields.io/lgtm/grade/cpp/g/lxc/lxc.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/lxc/lxc/context:cpp)
0577a33d	17	Static Analysis \| Coverity \| <a href="https://scan.coverity.com/projects/lxc-linux-containers"> <img alt="Coverity Scan Build Status" src="https://img.shields.io/coverity/scan/369.svg"/> </a>
ea033bbc	18
dc46727f CB	19	## System Containers
	20
	21	LXC's main focus is system containers. That is, containers which offer an
	22	environment as close as possible as the one you'd get from a VM but without the
	23	overhead that comes with running a separate kernel and simulating all the
	24	hardware.
	25
	26	This is achieved through a combination of kernel security features such as
	27	namespaces, mandatory access control and control groups.
	28
	29	## Unprivileged Containers
	30
	31	Unprivileged containers are containers that are run without any privilege. This
	32	requires support for user namespaces in the kernel that the container is run
	33	on. LXC was the first runtime to support unprivileged containers after user
	34	namespaces were merged into the mainline kernel.
	35
	36	In essence, user namespaces isolate given sets of UIDs and GIDs. This is
	37	achieved by establishing a mapping between a range of UIDs and GIDs on the host
	38	to a different (unprivileged) range of UIDs and GIDs in the container. The
	39	kernel will translate this mapping in such a way that inside the container all
	40	UIDs and GIDs appear as you would expect from the host whereas on the host
	41	these UIDs and GIDs are in fact unprivileged. For example, a process running as
	42	UID and GID 0 inside the container might appear as UID and GID 100000 on the
	43	host. The implementation and working details can be gathered from the
	44	corresponding user namespace man page.
	45
	46	Since unprivileged containers are a security enhancement they naturally come
	47	with a few restrictions enforced by the kernel. In order to provide a fully
	48	functional unprivileged container LXC interacts with 3 pieces of setuid code:
	49
	50	- lxc-user-nic (setuid helper to create a veth pair and bridge it on the host)
	51	- newuidmap (from the shadow package, sets up a uid map)
	52	- newgidmap (from the shadow package, sets up a gid map)
	53
	54	Everything else is run as your own user or as a uid which your user owns.
	55
	56	In general, LXC's goal is to make use of every security feature available in
	57	the kernel. This means LXC's configuration management will allow experienced
	58	users to intricately tune LXC to their needs.
	59
	60	A more detailed introduction into LXC security can be found under the following link
	61
	62	- https://linuxcontainers.org/lxc/security/
	63
	64	### Removing all Privilege
	65
	66	In principle LXC can be run without any of these tools provided the correct
	67	configuration is applied. However, the usefulness of such containers is usually
	68	quite restricted. Just to highlight the two most common problems:
	69
	70	1. Network: Without relying on a setuid helper to setup appropriate network
	71	devices for an unprivileged user (see LXC's `lxc-user-nic` binary) the only
	72	option is to share the network namespace with the host. Although this should
	73	be secure in principle, sharing the host's network namespace is still one
	74	step of isolation less and increases the attack vector.
	75	Furthermore, when host and container share the same network namespace the
	76	kernel will refuse any sysfs mounts. This usually means that the init binary
	77	inside of the container will not be able to boot up correctly.
	78
	79	2. User Namespaces: As outlined above, user namespaces are a big security
ac8f64dc CB	80	enhancement. However, without relying on privileged helpers users who are
	81	unprivileged on the host are only permitted to map their own UID into
	82	a container. A standard POSIX system however, requires 65536 UIDs and GIDs
	83	to be available to guarantee full functionality.
dc46727f CB	84
	85	## Configuration
	86
	87	LXC is configured via a simple set of keys. For example,
	88
7a96a068	89	- `lxc.rootfs.path`
dc46727f CB	90	- `lxc.mount.entry`
	91
	92	LXC namespaces configuration keys by using single dots. This means complex
7fa3f2e9	93	configuration keys such as `lxc.net.0` expose various subkeys such as
2e44ae28 CB	94	`lxc.net.0.type`, `lxc.net.0.link`, `lxc.net.0.ipv6.address`, and others for
2e44ae28 CB	95	even more fine-grained configuration.
dc46727f CB	96
	97	LXC is used as the default runtime for [LXD](https://github.com/lxc/lxd),
	98	a container hypervisor exposing a well-designed and stable REST-api on top of
	99	it.
	100
	101	## Kernel Requirements
	102
	103	LXC runs on any kernel from 2.6.32 onwards. All it requires is a functional
	104	C compiler. LXC works on all architectures that provide the necessary kernel
	105	features. This includes (but isn't limited to):
	106
	107	- i686
	108	- x86_64
	109	- ppc, ppc64, ppc64le
	110	- s390x
	111	- armvl7, arm64
	112
	113	LXC also supports at least the following C standard libraries:
	114
	115	- glibc
	116	- musl
	117	- bionic (Android's libc)
	118
	119	## Backwards Compatibility
	120
	121	LXC has always focused on strong backwards compatibility. In fact, the API
	122	hasn't been broken from release `1.0.0` onwards. Main LXC is currently at
	123	version `2..`.
	124
	125	## Reporting Security Issues
	126
	127	The LXC project has a good reputation in handling security issues quickly and
	128	efficiently. If you think you've found a potential security issue, please
	129	report it by e-mail to all of the following persons:
	130
a3cf04da	131	- serge (at) hallyn (dot) com
dc46727f CB	132	- stgraber (at) ubuntu (dot) com
	133	- christian.brauner (at) ubuntu (dot) com
	134
	135	For further details please have a look at
	136
	137	- https://linuxcontainers.org/lxc/security/
	138
	139	## Becoming Active in LXC development
	140
	141	We always welcome new contributors and are happy to provide guidance when
	142	necessary. LXC follows the kernel coding conventions. This means we only
	143	require that each commit includes a `Signed-off-by` line. The coding style we
	144	use is identical to the one used by the Linux kernel. You can find a detailed
	145	introduction at:
	146
	147	- https://www.kernel.org/doc/html/v4.10/process/coding-style.html
	148
	149	and should also take a look at the [CONTRIBUTING](CONTRIBUTING) file in this
	150	repo.
	151
	152	If you want to become more active it is usually also a good idea to show up in
	153	the LXC IRC channel `#lxc-dev` on `Freenode`. We try to do all development out
	154	in the open and discussion of new features or bugs is done either in
154f6474	155	appropriate GitHub issues or on IRC.
dc46727f CB	156
	157	When thinking about making security critical contributions or substantial
	158	changes it is usually a good idea to ping the developers first and ask whether
	159	a PR would be accepted.
	160
	161	## Semantic Versioning
	162
	163	LXC and its related projects strictly adhere to a [semantic
	164	versioning](http://semver.org/) scheme.
	165
	166	## Downloading the current source code
	167
	168	Source for the latest released version can always be downloaded from
	169
	170	- https://linuxcontainers.org/downloads/
	171
	172	You can browse the up to the minute source code and change history online
	173
	174	- https://github.com/lxc/lxc
	175
	176	## Building LXC
	177
	178	Without considering distribution specific details a simple
	179
	180	./autogen.sh && ./configure && make && sudo make install
	181
	182	is usually sufficient.
	183
	184	In order to test current git master of LXC it is usually a good idea to compile with
	185
	186	./autogen.sh && ./configure && make
	187
	188	in a convenient directory and set `LD_LIBRARY_PATH="${BUILD_DIR}"/lxc/src/lxc/.libs`.
	189
	190	## Getting help
	191
	192	When you find you need help, the LXC projects provides you with several options.
	193
	194	### Discuss Forum
	195
	196	We maintain an discuss forum at
	197
	198	- https://discuss.linuxcontainers.org/
	199
	200	where you can get support.
	201
	202	### IRC
	203
	204	You can find support by joining `#lxcontainers` on `Freenode`.
	205
	206	### Mailing Lists
	207
	208	You can check out one of the two LXC mailing list archives and register if
	209	interested:
	210
	211	- http://lists.linuxcontainers.org/listinfo/lxc-devel
	212	- http://lists.linuxcontainers.org/listinfo/lxc-users