-Please see the COPYING file for details on copying and usage.
-Please refer to the INSTALL file for instructions on how to build.
-
-What is lxc:
-
- The container technology is actively being pushed into the mainstream linux
- kernel. It provides the resource management through the control groups aka
- process containers and resource isolation through the namespaces.
-
- The linux containers, lxc, aims to use these new functionalities to pro-
- vide an userspace container object which provides full resource isolation
- and resource control for an applications or a system.
-
- The first objective of this project is to make the life easier for the ker-
- nel developers involved in the containers project and especially to con-
- tinue working on the Checkpoint/Restart new features. The lxc is small
- enough to easily manage a container with simple command lines and complete
- enough to be used for other purposes.
-
-Using lxc:
-
- Refer the lxc* man pages (generated from doc/* files)
-
-Downloading the current source code:
-
- Source for the latest released version can always be downloaded from
- http://linuxcontainers.org/downloads/
-
- You can browse the up to the minute source code and change history online.
- http://github.com/lxc/lxc
-
- For detailed build instruction refer to INSTALL and man lxc man page
- but a short command line should work:
- ./autogen.sh && ./configure && make && sudo make install
- preceded by ./autogen.sh if configure do not exist yet.
-
-Troubleshooting:
-
- If the ./autogen.sh script shows the following message: "aclocal: not found",
- you are likely missing the "automake" package. Make sure it's installed and
- try again.
-
- If the ./configure script gives you the following message:
- "configure: error: Please install the libcap development files."
- you are likely missing the "libcap-dev" package.
- The configure script will usually give you hints as to what you are missing,
- looking for those in your package manager will usually give you the package
- that you need to install.
-
-Getting help:
-
- when you find you need help, you can check out one of the two
- lxc mailing list archives and register if interested:
- http://lists.linuxcontainers.org/listinfo/lxc-devel
- http://lists.linuxcontainers.org/listinfo/lxc-users
-
-Portability:
-
- lxc is still in development, so the command syntax and the API can
- change. The version 1.0.0 will be the frozen version.
-
- lxc is developed and tested on Linux since kernel mainline version 2.6.27
- (without network) and 2.6.29 with network isolation.
- It's compiled with gcc, and should work on most architectures as long as the
- required kernel features are available. This includes (but isn't limited to):
- i686, x86_64, ppc, ppc64, S390, armel and armhf.
-
-AUTHOR
- Daniel Lezcano <daniel.lezcano@free.fr>
-
-Seccomp with LXC
-----------------
-
-To restrict a container with seccomp, you must specify a profile which is
-basically a whitelist of system calls it may execute. In the container
-config file, add a line like
-
-lxc.seccomp = /var/lib/lxc/q1/seccomp.full
-
-I created a usable (but basically worthless) seccomp.full file using
-
-cat > seccomp.full << EOF
-1
-whitelist
-EOF
-for i in `seq 0 300`; do
- echo $i >> seccomp.full
-done
-for i in `seq 1024 1079`; do
- echo $i >> seccomp.full
-done
-
- -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 27 Jul 2012 15:47:02 +0600