</para>
<para>
- LXC has supports unprivileged containers. Unprivileged containers are
+ LXC has support for unprivileged containers. Unprivileged containers are
containers that are run without any privilege. This requires support for
user namespaces in the kernel that the container is run on. LXC was the
first runtime to support unprivileged containers after user namespaces
</para>
<para>
- LXC namespaces configuration keys by using single dots. This means complex
+ LXC namespaces configuration keys use single dots. This means complex
configuration keys such as <option>lxc.net.0</option> expose various
subkeys such as <option>lxc.net.0.type</option>,
<option>lxc.net.0.link</option>, <option>lxc.net.0.ipv6.address</option>, and
</term>
<listitem>
<para>
- Specify the proc file name to be set. The file name available
+ Specify the proc file name to be set. The file names available
are those listed under /proc/PID/.
Example:
</para>
network devices are usable in the container. It also
means that if both the container and host have upstart as
init, 'halt' in a container (for instance) will shut down the
- host.
+ host. Note that unprivileged containers do not work with this
+ setting due to an inability to mount sysfs. An unsafe workaround
+ would be to bind mount the host's sysfs.
</para>
<para>
ringbuffer. Note that ringbuffer must be at least as big as a
standard page size. When passed a value smaller than a single page
size liblxc will allocate a ringbuffer of a single page size. A page
- size is usually 4kB.
+ size is usually 4KB.
The keyword 'auto' will cause liblxc to allocate a ringbuffer of
- 128kB.
+ 128KB.
When manually specifying a size for the ringbuffer the value should
be a power of 2 when converted to bytes. Valid size prefixes are
- 'kB', 'MB', 'GB'. (Note that all conversions are based on multiples
- of 1024. That means 'kb' == 'KiB', 'MB' == 'MiB', 'GB' == 'GiB'.)
+ 'KB', 'MB', 'GB'. (Note that all conversions are based on multiples
+ of 1024. That means 'KB' == 'KiB', 'MB' == 'MiB', 'GB' == 'GiB'.
+ Additionally, the case of the suffix is ignored, i.e. 'kB', 'KB' and
+ 'Kb' are treated equally.)
</para>
</listitem>
</varlistentry>
<option>lxc.console.logfile</option>. Note that size of the log file
must be at least as big as a standard page size. When passed a value
smaller than a single page size liblxc will set the size of log file
- to a single page size. A page size is usually 4kB.
+ to a single page size. A page size is usually 4KB.
- The keyword 'auto' will cause liblxc to place a limit of 128kB on
+ The keyword 'auto' will cause liblxc to place a limit of 128KB on
the log file.
When manually specifying a size for the log file the value should
be a power of 2 when converted to bytes. Valid size prefixes are
- 'kB', 'MB', 'GB'. (Note that all conversions are based on multiples
- of 1024. That means 'kb' == 'KiB', 'MB' == 'MiB', 'GB' == 'GiB'.)
+ 'KB', 'MB', 'GB'. (Note that all conversions are based on multiples
+ of 1024. That means 'KB' == 'KiB', 'MB' == 'MiB', 'GB' == 'GiB'.
+ Additionally, the case of the suffix is ignored, i.e. 'kB', 'KB' and
+ 'Kb' are treated equally.)
If users want to mirror the console ringbuffer on disk they should set
<option>lxc.console.size</option> equal to
itself should be mounted. <filename>overlayfs:/lower:/upper</filename>
specifies that the rootfs should be an overlay with <filename>/upper</filename>
being mounted read-write over a read-only mount of <filename>/lower</filename>.
- <filename>aufs:/lower:/upper</filename> does the same using aufs in place
- of overlayfs. For both <filename>overlayfs</filename> and
- <filename>aufs</filename> multiple <filename>/lower</filename>
+ For <filename>overlay</filename> multiple <filename>/lower</filename>
directories can be specified. <filename>loop:/file</filename> tells lxc to attach
<filename>/file</filename> to a loop device and mount the loop device.
</para>
<listitem>
<para>
Specify the control group value to be set on the unified cgroup
- shierarchy. The controller name is the literal name of the control
+ hierarchy. The controller name is the literal name of the control
group. The permitted names and the syntax of their values is not
dictated by LXC, instead it depends on the features of the Linux
kernel running at the time the container is started, eg.
container should be run can be specified in the container
configuration. The default is <command>lxc-container-default-cgns</command>
if the host kernel is cgroup namespace aware, or
- <command>lxc-container-default</command> othewise.
+ <command>lxc-container-default</command> otherwise.
</para>
<variablelist>
<varlistentry>
</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>
+ <option>lxc.monitor.signal.pdeath</option>
+ </term>
+ <listitem>
+ <para>
+ Set the signal to be sent to the container's init when the lxc
+ monitor exits. By default it is set to SIGKILL which will cause
+ all container processes to be killed when the lxc monitor process
+ dies.
+ To ensure that containers stay alive even if lxc monitor dies set
+ this to 0.
+ </para>
+ </listitem>
+ </varlistentry>
<varlistentry>
<term>
<option>lxc.group</option>
lxc.environment = APP_ENV=production
lxc.environment = SYSLOG_SERVER=192.0.2.42
</programlisting>
+ <para>
+ It is possible to inherit host environment variables by setting the
+ name of the variable without a "=" sign. For example:
+ </para>
+ <programlisting>
+ lxc.environment = PATH
+ </programlisting>
</listitem>
</varlistentry>
</variablelist>
projects / mirror_lxc.git / blobdiff