be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan<!DOCTYPE refentry PUBLIC "-//Davenport//DTD DocBook V3.0//EN" [

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher<!ENTITY seealso SYSTEM "@builddir@/see_also.sgml">

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher]>

65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek

65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek<refentry>

65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek

65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek <docinfo><date>@LXC_GENERATE_DATE@</date></docinfo>

5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek

5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek <refmeta>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <refentrytitle>lxc.conf</refentrytitle>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <manvolnum>5</manvolnum>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan </refmeta>

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <refnamediv>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <refname>lxc.conf</refname>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <refpurpose>

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher linux container configuration file

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher </refpurpose>

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher </refnamediv>

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher

2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher <refsect1>

65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek <title>Description</title>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <para>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan The linux containers (<command>lxc</command>) are always created

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher before being used. This creation defines a set of system

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan resources to be virtualized / isolated when a process is using

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan the container. By default, the pids, sysv ipc and mount points

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan are virtualized and isolated. The other system resources are

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan shared across containers, until they are explicitly defined in

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher the configuration file. For example, if there is no network

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan configuration, the network will be shared between the creator of

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan the container and the container itself, but if the network is

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher specified, a new network stack is created for the container and

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher the container can no longer use the network of its ancestor.

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher </para>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher <para>

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher The configuration file defines the different system resources to

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher be assigned for the container. At present, the utsname, the

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan network, the mount points, the root file system and the control

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher groups are supported.

fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek </para>

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher

65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek <para>

65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek Each option in the configuration file has the form <command>key

65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek = value</command> fitting in one line. The '#' caracter means

65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek the line is a comment.

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek </para>

2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <refsect2>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <title>Hostname</title>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <para>

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher The utsname section defines the hostname to be set for the

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan container. That means the container can set its own hostname

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan without changing the one from the system. That makes the

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan hostname private for the container.

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan </para>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <variablelist>

f9fdc87c80f2744780c6a0f2bf5b1b57bcbb095aYuri Chornoivan <varlistentry>

f9fdc87c80f2744780c6a0f2bf5b1b57bcbb095aYuri Chornoivan <term>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <option>lxc.utsname</option>

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher </term>

fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek <listitem>

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher <para>

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher specify the hostname for the container

65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek </para>

be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek </listitem>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan </varlistentry>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan </variablelist>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan </refsect2>

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <refsect2>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <title>Network</title>

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher <para>

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher The network section defines how the network is virtualized in

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan the container. The network virtualization acts at the layer

c938f4ba417328fe62eded0806b2d9ca053f34a5Stephen Gallagher two, so in order to use the network, a few information should

c938f4ba417328fe62eded0806b2d9ca053f34a5Stephen Gallagher be specified to define the network interfaces to be used by

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan the container. Several virtual interfaces can be assigned and

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher used in a container either if the system has only one physical

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan network interface.

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan </para>

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher <variablelist>

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher <varlistentry>

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher <term>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <option>lxc.network.type</option>

c938f4ba417328fe62eded0806b2d9ca053f34a5Stephen Gallagher </term>

c938f4ba417328fe62eded0806b2d9ca053f34a5Stephen Gallagher <listitem>

f9fdc87c80f2744780c6a0f2bf5b1b57bcbb095aYuri Chornoivan <para>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan specify what kind of network virtualization to be used

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher for the container. Each time

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan a <option>lxc.network.type</option> field is found a new

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan round of network configuration begins. By this way

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher several network virtualization can be specified for the

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher same container, as well as assigning several network

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan interfaces for one container. The different

c938f4ba417328fe62eded0806b2d9ca053f34a5Stephen Gallagher virtualization types can be:

c938f4ba417328fe62eded0806b2d9ca053f34a5Stephen Gallagher </para>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher <para>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <option>empty:</option> a new network stack is created

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan for the container, but it will not contain any network

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher interface.

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher </para>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan

c938f4ba417328fe62eded0806b2d9ca053f34a5Stephen Gallagher <para>

c938f4ba417328fe62eded0806b2d9ca053f34a5Stephen Gallagher <option>veth:</option> a new network stack is created, a

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan peer network device is created with one side assigned to

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher the container and the other side attached to a bridge

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan specified by the <option>lxc.network.link</option>. The

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan bridge has to be setup before on the

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan system, <command>lxc</command> won't handle

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan configuration outside of the container.

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher </para>

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher

65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek <para>

5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek <option>macvlan:</option> a new network stack is

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan created, a macvlan interface is linked with the

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan interface specified by

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan the <option>lxc.network.link</option> and assigned to

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher the container.

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher </para>

65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek

5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek <para>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <option>phys:</option> a new network stack is created

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan and the interface specified by

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan the <option>lxc.network.link</option> is assigned to the

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher container.

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek </para>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan </listitem>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan </varlistentry>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher <varlistentry>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <term>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <option>lxc.network.flags</option>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan </term>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <listitem>

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher <para>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan specify an action to do for the

be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek network.

be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek </para>

be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek

be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek <para><option>up:</option> activates the interface.

be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek </para>

be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek </listitem>

be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek </varlistentry>

be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek

be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek <varlistentry>

be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek <term>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <option>lxc.network.link</option>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan </term>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <listitem>

c938f4ba417328fe62eded0806b2d9ca053f34a5Stephen Gallagher <para>

c938f4ba417328fe62eded0806b2d9ca053f34a5Stephen Gallagher specify the interface to be used for real network

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan traffic.

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan </para>

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher </listitem>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan </varlistentry>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <varlistentry>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <term>

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher <option>lxc.network.name</option>

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher </term>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <listitem>

f9fdc87c80f2744780c6a0f2bf5b1b57bcbb095aYuri Chornoivan <para>

f9fdc87c80f2744780c6a0f2bf5b1b57bcbb095aYuri Chornoivan the interface name is dynamically allocated, but if an

f9fdc87c80f2744780c6a0f2bf5b1b57bcbb095aYuri Chornoivan other name is needed because the configuration files

c938f4ba417328fe62eded0806b2d9ca053f34a5Stephen Gallagher being used by the container use a generic name,

c938f4ba417328fe62eded0806b2d9ca053f34a5Stephen Gallagher eg. eth0, this option will rename the interface in the

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan container.

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher </para>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan </listitem>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan </varlistentry>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <varlistentry>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <term>

f9fdc87c80f2744780c6a0f2bf5b1b57bcbb095aYuri Chornoivan <option>lxc.network.hwaddr</option>

f9fdc87c80f2744780c6a0f2bf5b1b57bcbb095aYuri Chornoivan </term>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <listitem>

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher <para>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan the interface mac address is dynamically allocated by

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan default to the virtual interface, but in some case, this

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan is needed to resolve a mac address conflict or to have

dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher always the same link-locak ipv6 address.

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan </para>

c938f4ba417328fe62eded0806b2d9ca053f34a5Stephen Gallagher </listitem>

7797e361155f7ce937085fd98e360469d7baf1b6Jakub Hrozek </varlistentry>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher <varlistentry>

dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher <term>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <option>lxc.network.ipv4</option>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan </term>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <listitem>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <para>

c938f4ba417328fe62eded0806b2d9ca053f34a5Stephen Gallagher specify the ipv4 address to assign to the virtualized

c938f4ba417328fe62eded0806b2d9ca053f34a5Stephen Gallagher interface. Several lines specify several ipv4 addresses.

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan The address is in format x.y.z.t/m,

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher eg. 192.168.1.123/24.

dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher </para>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan </listitem>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan </varlistentry>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <varlistentry>

f9fdc87c80f2744780c6a0f2bf5b1b57bcbb095aYuri Chornoivan <term>

f9fdc87c80f2744780c6a0f2bf5b1b57bcbb095aYuri Chornoivan <option>lxc.network.ipv6</option>

f9fdc87c80f2744780c6a0f2bf5b1b57bcbb095aYuri Chornoivan </term>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <listitem>

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher <para>

dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher specify the ipv6 address to assign to the virtualized

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek interface. Several lines specify several ipv6 addresses.

a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek The address is in format x::y/m,

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek eg. 2003:db8:1:0:214:1234:fe0b:3596/64

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek </para>

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek </listitem>

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek </varlistentry>

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek

a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek </variablelist>

a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek </refsect2>

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek <refsect2>

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek <title>New pseudo tty instance (devpts)</title>

a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek <para>

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek For stricter isolation the container can have its own private

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek instance of the pseudo tty.

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek </para>

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek <variablelist>

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek <varlistentry>

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek <term>

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek <option>lxc.pts</option>

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek </term>

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek <listitem>

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek <para>

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek If set, the container will have a new pseudo tty

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek instance, making this private to it. The value specifies

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek the maximum number of pseudo ttys allowed for a pts

481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek instance (this limitation is not implemented yet).

481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek </para>

481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek </listitem>

481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek </varlistentry>

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek </variablelist>

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek </refsect2>

be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek

be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek <refsect2>

be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek <title>Console through the ttys</title>

be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek <para>

be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek If the container is configured with a root filesystem and the

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek inittab file is setup to launch a getty on the ttys. This

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek option will specify the number of ttys to be available for the

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek container. The number of getty in the inittab file of the

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek container and the number of tty specified in this

481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek configuration file should be equal, otherwise the getty will

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek die and respawn indefinitly giving annoying messages on the

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek console.

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek </para>

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek <variablelist>

481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek <varlistentry>

481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek <term>

481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek <option>lxc.tty</option>

481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek </term>

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek <listitem>

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek <para>

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek Specify the number of tty to make available to the

be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek container.

be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek </para>

be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek </listitem>

be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek </varlistentry>

be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek </variablelist>

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek </refsect2>

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek <refsect2>

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek <title>Mount points</title>

be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek <para>

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek The mount points section specifies the different places to be

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek mounted. These mount points will be private to the container

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek and won't be visible by the processes running outside of the

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek container. This is useful to mount /etc, /var or /home for

481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek examples.

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek </para>

a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek <variablelist>

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek <varlistentry>

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek <term>

481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek <option>lxc.mount</option>

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek </term>

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek <listitem>

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek <para>

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek specify a file location in

481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek the <filename>fstab</filename> format, containing the

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek mount informations.

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek </para>

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek </listitem>

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek </varlistentry>

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek <varlistentry>

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek <term>

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek <option>lxc.mount.entry</option>

be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek </term>

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek <listitem>

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek <para>

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek specify a mount point corresponding to a line in the

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek fstab format.

481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek </para>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan </listitem>

f9fdc87c80f2744780c6a0f2bf5b1b57bcbb095aYuri Chornoivan </varlistentry>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher </variablelist>

481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek </refsect2>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <refsect2>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <title>Root file system</title>

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher <para>

be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek The root file system is the location where the container will

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan chroot.

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan </para>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <variablelist>

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher <varlistentry>

481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek <term>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <option>lxc.rootfs</option>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan </term>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <listitem>

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher <para>

481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek specify a file location containing the new file tree for

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan a root file system.

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan </para>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan </listitem>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan </varlistentry>

f9fdc87c80f2744780c6a0f2bf5b1b57bcbb095aYuri Chornoivan </variablelist>

f9fdc87c80f2744780c6a0f2bf5b1b57bcbb095aYuri Chornoivan </refsect2>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher <refsect2>

481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek <title>Control group</title>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <para>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan The control group section contains the configuration for the

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan different subsystem. <command>lxc</command> does not check the

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher correctness of the subsystem name. This has the inconvenient

481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek to have the error being detected at runtime, but the advantage

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan to support any future subsystem.

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan </para>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <variablelist>

f9fdc87c80f2744780c6a0f2bf5b1b57bcbb095aYuri Chornoivan <varlistentry>

f9fdc87c80f2744780c6a0f2bf5b1b57bcbb095aYuri Chornoivan <term>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <option>lxc.cgroup.[subsystem name]</option>

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher </term>

481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek <listitem>

056302a92862fda16351d7192600746746f38e5dStephen Gallagher <para>

e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher specify the control group value to be set. This field is

e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher the identifier to tell the following keyword is the

dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher literal name of the control group subsystem,

a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek eg. <option>lxc.cgroup.cpuset.cpus</option>

056302a92862fda16351d7192600746746f38e5dStephen Gallagher </para>

e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher </listitem>

e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher </varlistentry>

7797e361155f7ce937085fd98e360469d7baf1b6Jakub Hrozek </variablelist>

a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek </refsect2>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher </refsect1>

be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <refsect1>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <title>Examples</title>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <refsect2>

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher <title>Network</title>

be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek <para>This configuration sets up a container to use a veth pair

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan device with one side plugged to a bridge br0 (which has been

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan configured before on the system by the administrator). The

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan virtual network device visible in the container is renamed to

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan eth0.</para>

c938f4ba417328fe62eded0806b2d9ca053f34a5Stephen Gallagher

c938f4ba417328fe62eded0806b2d9ca053f34a5Stephen Gallagher <variablelist>

c938f4ba417328fe62eded0806b2d9ca053f34a5Stephen Gallagher

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <varlistentry>

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher <term>lxc.utsname = myhostname</term>

be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek <listitem><para></para></listitem>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan </varlistentry>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <varlistentry>

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher <term>lxc.network.type = veth</term>

481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek <listitem><para></para></listitem>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan </varlistentry>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <varlistentry>

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher <term>lxc.network.flags = up</term>

481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek <listitem><para></para></listitem>

be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek </varlistentry>

be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek

be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek <varlistentry>

be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek <term>lxc.network.link = br0</term>

be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek <listitem><para></para></listitem>

be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek </varlistentry>

be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <varlistentry>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <term>lxc.network.name = eth0</term>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <listitem><para></para></listitem>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan </varlistentry>

2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek

be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek <varlistentry>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <term>lxc.network.hwaddr = 4a:49:43:49:79:bf</term>

f9fdc87c80f2744780c6a0f2bf5b1b57bcbb095aYuri Chornoivan <listitem><para></para></listitem>

f9fdc87c80f2744780c6a0f2bf5b1b57bcbb095aYuri Chornoivan </varlistentry>

f9fdc87c80f2744780c6a0f2bf5b1b57bcbb095aYuri Chornoivan

c938f4ba417328fe62eded0806b2d9ca053f34a5Stephen Gallagher <varlistentry>

b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek <term>lxc.network.ipv4 = 1.2.3.5/24</term>

b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek <listitem><para></para></listitem>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan </varlistentry>

dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher

be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek <varlistentry>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <term>lxc.network.ipv6 = 2003:db8:1:0:214:1234:fe0b:3597</term>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <listitem><para></para></listitem>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan </varlistentry>

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher

481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek </variablelist>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan

dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher </refsect2>

dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <refsect2>

7797e361155f7ce937085fd98e360469d7baf1b6Jakub Hrozek <title>Control group</title>

7797e361155f7ce937085fd98e360469d7baf1b6Jakub Hrozek <para>This configuration will setup several control groups for

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan the application, cpuset.cpus restricts usage of the defined cpu,

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher cpus.share prioritize the control group, devices.allow makes

481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek usable the specified devices.</para>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan

524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek <variablelist>

524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek <varlistentry>

524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek <term>lxc.cgroup.cpuset.cpus = 0,1</term>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <listitem><para></para></listitem>

e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek </varlistentry>

e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek

e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek <varlistentry>

e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek <term>lxc.cgroup.cpu.shares = 1234</term>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <listitem><para></para></listitem>

dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher </varlistentry>

be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <varlistentry>

f9fdc87c80f2744780c6a0f2bf5b1b57bcbb095aYuri Chornoivan <term>lxc.cgroup.devices.deny = a</term>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <listitem><para></para></listitem>

b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek </varlistentry>

be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <varlistentry>

b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek <term>lxc.cgroup.devices.allow = c 1:3 rw</term>

b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek <listitem><para></para></listitem>

b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek </varlistentry>

b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek

0172959f117b545c8a6b1893f5f56818d82dd624Jakub Hrozek <varlistentry>

0172959f117b545c8a6b1893f5f56818d82dd624Jakub Hrozek <term>lxc.cgroup.devices.allow = b 8:0 rw</term>

0172959f117b545c8a6b1893f5f56818d82dd624Jakub Hrozek <listitem><para></para></listitem>

0172959f117b545c8a6b1893f5f56818d82dd624Jakub Hrozek </varlistentry>

b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek </variablelist>

b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek

be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek </refsect2>

b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek

0172959f117b545c8a6b1893f5f56818d82dd624Jakub Hrozek <refsect2>

b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek <title>Complex configuration</title>

b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek <para>This example show a complex configuration making a complex

be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek network stack, using the control groups, setting a new hostname,

b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek mounting some locations and a changing the root file

0172959f117b545c8a6b1893f5f56818d82dd624Jakub Hrozek system.</para>

b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek

b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek <variablelist>

be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek <varlistentry>

b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek <term>lxc.utsname = complex</term>

0172959f117b545c8a6b1893f5f56818d82dd624Jakub Hrozek <listitem><para></para></listitem>

b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek </varlistentry>

b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek <varlistentry>

be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek <term>lxc.network.type = veth</term>

b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek <listitem><para></para></listitem>

0172959f117b545c8a6b1893f5f56818d82dd624Jakub Hrozek </varlistentry>

b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek <varlistentry>

b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek <term>lxc.network.flags = up</term>

be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek <listitem><para></para></listitem>

b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek </varlistentry>

0172959f117b545c8a6b1893f5f56818d82dd624Jakub Hrozek <varlistentry>

b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek <term>lxc.network.link = br0</term>

b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek <listitem><para></para></listitem>

be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek </varlistentry>

b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek <varlistentry>

b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek <term>lxc.network.hwaddr = 4a:49:43:49:79:bf</term>

0172959f117b545c8a6b1893f5f56818d82dd624Jakub Hrozek <listitem><para></para></listitem>

b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek </varlistentry>

0172959f117b545c8a6b1893f5f56818d82dd624Jakub Hrozek <varlistentry>

a9228ebcce14888b3123bdf46e610e0900bcd2ccJakub Hrozek <term>lxc.network.ipv4 = 1.2.3.5/24</term>

b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek <listitem><para></para></listitem>

b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek </varlistentry>

be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek <varlistentry>

b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek <term>lxc.network.ipv6 = 2003:db8:1:0:214:1234:fe0b:3597</term>

b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek <listitem><para></para></listitem>

b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek </varlistentry>

b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek <varlistentry>

0172959f117b545c8a6b1893f5f56818d82dd624Jakub Hrozek <term>lxc.network.ipv6 = 2003:db8:1:0:214:5432:feab:3588</term>

0172959f117b545c8a6b1893f5f56818d82dd624Jakub Hrozek <listitem><para></para></listitem>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan </varlistentry>

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher <varlistentry>

481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek <term>lxc.network.type = macvlan</term>

dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher <listitem><para></para></listitem>

dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher </varlistentry>

dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher <varlistentry>

dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher <term>lxc.network.flags = up</term>

7797e361155f7ce937085fd98e360469d7baf1b6Jakub Hrozek <listitem><para></para></listitem>

7797e361155f7ce937085fd98e360469d7baf1b6Jakub Hrozek </varlistentry>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <varlistentry>

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher <term>lxc.network.link = eth0</term>

481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek <listitem><para></para></listitem>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan </varlistentry>

f9fdc87c80f2744780c6a0f2bf5b1b57bcbb095aYuri Chornoivan <varlistentry>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <term>lxc.network.hwaddr = 4a:49:43:49:79:bd</term>

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher <listitem><para></para></listitem>

481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek </varlistentry>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <varlistentry>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <term>lxc.network.ipv4 = 1.2.3.4/24</term>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <listitem><para></para></listitem>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan </varlistentry>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <varlistentry>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <term>lxc.network.ipv4 = 192.168.10.125/24</term>

f9fdc87c80f2744780c6a0f2bf5b1b57bcbb095aYuri Chornoivan <listitem><para></para></listitem>

f9fdc87c80f2744780c6a0f2bf5b1b57bcbb095aYuri Chornoivan </varlistentry>

f9fdc87c80f2744780c6a0f2bf5b1b57bcbb095aYuri Chornoivan <varlistentry>

f9fdc87c80f2744780c6a0f2bf5b1b57bcbb095aYuri Chornoivan <term>lxc.network.ipv6 = 2003:db8:1:0:214:1234:fe0b:3596</term>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <listitem><para></para></listitem>

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher </varlistentry>

481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek <varlistentry>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <term>lxc.network.type = phys</term>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <listitem><para></para></listitem>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan </varlistentry>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <varlistentry>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <term>lxc.network.flags = up</term>

f9fdc87c80f2744780c6a0f2bf5b1b57bcbb095aYuri Chornoivan <listitem><para></para></listitem>

f9fdc87c80f2744780c6a0f2bf5b1b57bcbb095aYuri Chornoivan </varlistentry>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <varlistentry>

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher <term>lxc.network.link = dummy0</term>

481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek <listitem><para></para></listitem>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan </varlistentry>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <varlistentry>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <term>lxc.network.hwaddr = 4a:49:43:49:79:ff</term>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <listitem><para></para></listitem>

f9fdc87c80f2744780c6a0f2bf5b1b57bcbb095aYuri Chornoivan </varlistentry>

f9fdc87c80f2744780c6a0f2bf5b1b57bcbb095aYuri Chornoivan <varlistentry>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <term>lxc.network.ipv4 = 1.2.3.6/24</term>

cbe7c54c2caf718bdea7ca6660ba8193d759d2d5Stephen Gallagher <listitem><para></para></listitem>

481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek </varlistentry>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <varlistentry>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <term>lxc.network.ipv6 = 2003:db8:1:0:214:1234:fe0b:3297</term>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan <listitem><para></para></listitem>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan </varlistentry>

f9fdc87c80f2744780c6a0f2bf5b1b57bcbb095aYuri Chornoivan <varlistentry>

f9fdc87c80f2744780c6a0f2bf5b1b57bcbb095aYuri Chornoivan <term>lxc.cgroup.cpuset.cpus = 0,1</term>

f9fdc87c80f2744780c6a0f2bf5b1b57bcbb095aYuri Chornoivan <listitem><para></para></listitem>

bde69429374859acff41273c0771d2b5f5c199b1Yuri Chornoivan </varlistentry>

52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher <varlistentry>

481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek <term>lxc.cgroup.cpu.shares = 1234</term>

52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher <listitem><para></para></listitem>

b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher </varlistentry>

52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher <varlistentry>

52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher <term>lxc.cgroup.devices.deny = a</term>

481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek <listitem><para></para></listitem>

52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher </varlistentry>

52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher <varlistentry>

52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher <term>lxc.cgroup.devices.allow = c 1:3 rw</term>

52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher <listitem><para></para></listitem>

b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher </varlistentry>

b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher <varlistentry>

52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher <term>lxc.cgroup.devices.allow = b 8:0 rw</term>

52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher <listitem><para></para></listitem>

481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek </varlistentry>

52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher <varlistentry>

52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher <term>lxc.mount = /etc/fstab.complex</term>

52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher <listitem><para></para></listitem>

52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher </varlistentry>

b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher <varlistentry>

b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher <term>lxc.mount.entry = /lib /root/myrootfs/lib none ro,bind 0 0</term>

b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher <listitem><para></para></listitem>

52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher </varlistentry>

52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher <varlistentry>

481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek <term>lxc.rootfs = /mnt/rootfs.complex</term>

52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher <listitem><para></para></listitem>

52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher </varlistentry>

52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher </variablelist>

52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher </refsect2>

b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher

b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher </refsect1>

52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher

e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher <refsect1>

481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek <title>See Also</title>

481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek <simpara>

481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek <citerefentry>

481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek <refentrytitle><command>chroot</command></refentrytitle>

481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek <manvolnum>1</manvolnum>

481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek </citerefentry>,

481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek

481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek <citerefentry>

481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek <refentrytitle><command>pivot_root</command></refentrytitle>

481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek <manvolnum>8</manvolnum>

481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek </citerefentry>,

481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek

481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek <citerefentry>

481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek <refentrytitle><filename>fstab</filename></refentrytitle>

481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek <manvolnum>5</manvolnum>

481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek </citerefentry>

be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek

481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek </simpara>

be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek </refsect1>

481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek

481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek &seealso;

481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek

524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek <refsect1>

e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek <title>Author</title>

524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek <para>Daniel Lezcano <email>daniel.lezcano@free.fr</email></para>

524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek </refsect1>

481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek

524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek</refentry>

524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek

be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek