README

   1 Please see the COPYING file for details on copying and usage.
   2 Please refer to the INSTALL file for instructions on how to build.
   3
   4 What is lxc:
   5
   6   The container technology is actively being pushed into the mainstream linux
   7   kernel. It provides the resource management through the control groups  aka
   8   process containers and resource isolation through the namespaces.
   9
  10   The  linux  containers, lxc, aims to use these new functionalities to pro-
  11   vide a userspace container object which provides full  resource  isolation
  12   and resource control for an application or a system.
  13
  14   The first objective of this project is to make the life easier for the ker-
  15   nel developers involved in the containers project and  especially  to  con-
  16   tinue  working  on  the  Checkpoint/Restart  new features. The lxc is small
  17   enough to easily manage a container with simple command lines and  complete
  18   enough to be used for other purposes.
  19
  20 Using lxc:
  21
  22   Refer the lxc* man pages (generated from doc/* files)
  23
  24 Downloading the current source code:
  25
  26   Source for the latest released version can always be downloaded from
  27   http://linuxcontainers.org/downloads/
  28
  29   You can browse the up to the minute source code and change history online.
  30   http://github.com/lxc/lxc
  31
  32   For detailed build instruction refer to INSTALL and man lxc man page
  33   but a short command line should work:
  34   ./autogen.sh && ./configure && make && sudo make install
  35   preceded by ./autogen.sh if configure do not exist yet.
  36
  37 Troubleshooting:
  38
  39   If you get an error message at the autogen.sh or configure stage, make
  40   sure you have, autoconf, automake, pkg-config, make and gcc installed on
  41   your machine.
  42
  43   The configure script will usually give you hints as to what you are missing,
  44   looking for those in your package manager will usually give you the package
  45   that you need to install.
  46
  47   Also pay a close attention to the feature summary showed at the end of
  48   the configure run, features are automatically enabled/disabled based on
  49   whether the needed development packages are installed on your machine.
  50   If you want a feature but don't know what to install, force it with
  51   --enable-<feature> and look at the error message from configure.
  52
  53 Getting help:
  54
  55   when you find you need help, you can check out one of the two
  56   lxc mailing list archives and register if interested:
  57   http://lists.linuxcontainers.org/listinfo/lxc-devel
  58   http://lists.linuxcontainers.org/listinfo/lxc-users
  59
  60 Portability:
  61
  62   lxc  is  still  in  development, so the command syntax and the API can
  63   change. The version 1.0.0 will be the frozen version.
  64
  65   lxc is developed and tested on Linux since kernel mainline version 2.6.27
  66   (without network) and 2.6.29 with network isolation.
  67   It's compiled with gcc, and should work on most architectures as long as the
  68   required kernel features are available. This includes (but isn't limited to):
  69   i686, x86_64, ppc, ppc64, S390, armel and armhf.
  70
  71 AUTHOR
  72        Daniel Lezcano <daniel.lezcano@free.fr>
  73
  74 Seccomp with LXC
  75 ----------------
  76
  77 To restrict a container with seccomp, you must specify a profile which is
  78 basically a whitelist of system calls it may execute.  In the container
  79 config file, add a line like
  80
  81 lxc.seccomp = /var/lib/lxc/q1/seccomp.full
  82
  83 I created a usable (but basically worthless) seccomp.full file using
  84
  85 cat > seccomp.full << EOF
  86 1
  87 whitelist
  88 EOF
  89 for i in `seq 0 300`; do
  90     echo $i >> seccomp.full
  91 done
  92 for i in `seq 1024 1079`; do
  93     echo $i >> seccomp.full
  94 done
  95
  96  -- Serge Hallyn <serge.hallyn@ubuntu.com>  Fri, 27 Jul 2012 15:47:02 +0600