+[![LXD](https://linuxcontainers.org/static/img/containers.png)](https://linuxcontainers.org/lxd)
# LXC
-* Jenkins: [![Build Status](https://jenkins.linuxcontainers.org/job/lxc-github-commit/badge/icon)](https://jenkins.linuxcontainers.org/job/lxc-github-commit/)
-* Travis: [![Build Status](https://travis-ci.org/lxc/lxc.svg?branch=master)](https://travis-ci.org/lxc/lxc/)
-
LXC is the well-known and heavily tested low-level Linux container runtime. It
is in active development since 2008 and has proven itself in critical
production environments world-wide. Some of its core contributors are the same
people that helped to implement various well-known containerization features
inside the Linux kernel.
+## Status
+Type | Service | Status
+--- | --- | ---
+CI (Linux) | Jenkins | [![Build Status](https://jenkins.linuxcontainers.org/job/lxc-github-commit/badge/icon)](https://jenkins.linuxcontainers.org/job/lxc-github-commit/)
+CI (Linux) | Travis | [![Build Status](https://travis-ci.org/lxc/lxc.svg?branch=master)](https://travis-ci.org/lxc/lxc/)
+Project status | CII Best Practices | [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/1087/badge)](https://bestpractices.coreinfrastructure.org/projects/1087)
+Static Analysis | Coverity | <a href="https://scan.coverity.com/projects/lxc-linux-containers"> <img alt="Coverity Scan Build Status" src="https://img.shields.io/coverity/scan/369.svg"/> </a>
+
## System Containers
LXC's main focus is system containers. That is, containers which offer an
inside of the container will not be able to boot up correctly.
2. User Namespaces: As outlined above, user namespaces are a big security
- enhancement. However, users which are unprivileged on the host will only be
- able to establish a mapping for their own UID if they do not rely on
- privileged helpers. A standard POSIX system however, requires 65536 UIDs and
- GIDs to be available to guarantee full functionality.
+ enhancement. However, without relying on privileged helpers users who are
+ unprivileged on the host are only permitted to map their own UID into
+ a container. A standard POSIX system however, requires 65536 UIDs and GIDs
+ to be available to guarantee full functionality.
## Configuration
LXC is configured via a simple set of keys. For example,
-- `lxc.rootfs`
+- `lxc.rootfs.path`
- `lxc.mount.entry`
LXC namespaces configuration keys by using single dots. This means complex
-configuration keys such as `lxc.network` expose various subkeys such as
-`lxc.network.type`, `lxc.network.link`, `lxc.network.ipv6`, and others for even
-more fine-grained configuration.
+configuration keys such as `lxc.net.0` expose various subkeys such as
+`lxc.net.0.type`, `lxc.net.0.link`, `lxc.net.0.ipv6.address`, and others for
+even more fine-grained configuration.
LXC is used as the default runtime for [LXD](https://github.com/lxc/lxd),
a container hypervisor exposing a well-designed and stable REST-api on top of
efficiently. If you think you've found a potential security issue, please
report it by e-mail to all of the following persons:
-- serge.hallyn (at) ubuntu (dot) com
+- serge (at) hallyn (dot) com
- stgraber (at) ubuntu (dot) com
- christian.brauner (at) ubuntu (dot) com