6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen<!DOCTYPE refentry PUBLIC "-//Davenport//DTD DocBook V3.0//EN" [

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen<!ENTITY seealso SYSTEM "@builddir@/see_also.sgml">

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen]>

ab1b9a793d57a60c230a41f65f1a25d52c026233Timo Sirainen

dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen<refentry>

dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen

dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen <docinfo><date>@LXC_GENERATE_DATE@</date></docinfo>

1d132fe27d010b73aacc605b4c6257b0079f9e97Timo Sirainen

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen <refmeta>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen <refentrytitle>lxc.conf</refentrytitle>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <manvolnum>5</manvolnum>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen </refmeta>

1ac19c5c2b66a12f5598792aad15114ee3eb62e2Timo Sirainen

1ac19c5c2b66a12f5598792aad15114ee3eb62e2Timo Sirainen <refnamediv>

1ac19c5c2b66a12f5598792aad15114ee3eb62e2Timo Sirainen <refname>lxc.conf</refname>

1ac19c5c2b66a12f5598792aad15114ee3eb62e2Timo Sirainen

1ac19c5c2b66a12f5598792aad15114ee3eb62e2Timo Sirainen <refpurpose>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen linux container configuration file

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen </refpurpose>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen </refnamediv>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <refsect1>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <title>Description</title>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <para>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen The linux containers (<command>lxc</command>) are always created

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen before being used. This creation defines a set of system

4ee00532a265bdfb38539d811fcd12d51210ac35Timo Sirainen resources to be virtualized / isolated when a process is using

1ac19c5c2b66a12f5598792aad15114ee3eb62e2Timo Sirainen the container. By default, the pids, sysv ipc and mount points

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen are virtualized and isolated. The other system resources are

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen shared across containers, until they are explicitly defined in

68f0dfb4b2815ecbc1bd8d8a68adcfd577ec55aeTimo Sirainen the configuration file. For example, if there is no network

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen configuration, the network will be shared between the creator of

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen the container and the container itself, but if the network is

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen specified, a new network stack is created for the container and

dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen the container can no longer use the network of its ancestor.

dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen </para>

9c2b0eb659540b9db8dd3a8a6a2515921fbe8eebTimo Sirainen

dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen <para>

dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen The configuration file defines the different system resources to

dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen be assigned for the container. At present, the utsname, the

dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen network, the mount points, the root file system and the control

892b3cbf0eba9ba455448adcf71864a409345c6dTimo Sirainen groups are supported.

dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen </para>

dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen

f4c0b1874b0533bcf2df1d28d584ff02cfdae3faTimo Sirainen <para>

f4c0b1874b0533bcf2df1d28d584ff02cfdae3faTimo Sirainen Each option in the configuration file has the form <command>key

dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen = value</command> fitting in one line. The '#' character means

dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen the line is a comment.

dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen </para>

0db5b158a00c08955bdacc99b1e2cd1ec07f4311Timo Sirainen

0db5b158a00c08955bdacc99b1e2cd1ec07f4311Timo Sirainen <refsect2>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <title>Hostname</title>

d16b506f5540e3407d256bda35624b38a5ecf88fTimo Sirainen <para>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen The utsname section defines the hostname to be set for the

5fbf8719b9ef072295c16bc4492f9f0ece92117dTimo Sirainen container. That means the container can set its own hostname

5fbf8719b9ef072295c16bc4492f9f0ece92117dTimo Sirainen without changing the one from the system. That makes the

554c1c792dc6fce1e25c74555c2da786bffde75fTimo Sirainen hostname private for the container.

554c1c792dc6fce1e25c74555c2da786bffde75fTimo Sirainen </para>

5fbf8719b9ef072295c16bc4492f9f0ece92117dTimo Sirainen <variablelist>

5fbf8719b9ef072295c16bc4492f9f0ece92117dTimo Sirainen <varlistentry>

ab1b9a793d57a60c230a41f65f1a25d52c026233Timo Sirainen <term>

ab1b9a793d57a60c230a41f65f1a25d52c026233Timo Sirainen <option>lxc.utsname</option>

6df2db16b3920346ed07cefb86e8bdcb7e1faec5Timo Sirainen </term>

6df2db16b3920346ed07cefb86e8bdcb7e1faec5Timo Sirainen <listitem>

ab1b9a793d57a60c230a41f65f1a25d52c026233Timo Sirainen <para>

ab1b9a793d57a60c230a41f65f1a25d52c026233Timo Sirainen specify the hostname for the container

ab1b9a793d57a60c230a41f65f1a25d52c026233Timo Sirainen </para>

35f3b7e05afecacd0332c210c6e253911c2813d8Timo Sirainen </listitem>

ab1b9a793d57a60c230a41f65f1a25d52c026233Timo Sirainen </varlistentry>

ab1b9a793d57a60c230a41f65f1a25d52c026233Timo Sirainen </variablelist>

35f3b7e05afecacd0332c210c6e253911c2813d8Timo Sirainen </refsect2>

ab1b9a793d57a60c230a41f65f1a25d52c026233Timo Sirainen

ab1b9a793d57a60c230a41f65f1a25d52c026233Timo Sirainen <refsect2>

f6e301cb2060c4367d8145e2bf5d553ba87ceb34Timo Sirainen <title>Network</title>

f6e301cb2060c4367d8145e2bf5d553ba87ceb34Timo Sirainen <para>

f6e301cb2060c4367d8145e2bf5d553ba87ceb34Timo Sirainen The network section defines how the network is virtualized in

f6e301cb2060c4367d8145e2bf5d553ba87ceb34Timo Sirainen the container. The network virtualization acts at layer

f6e301cb2060c4367d8145e2bf5d553ba87ceb34Timo Sirainen two. In order to use the network virtualization, parameters

f6e301cb2060c4367d8145e2bf5d553ba87ceb34Timo Sirainen must be specified to define the network interfaces of the

f6e301cb2060c4367d8145e2bf5d553ba87ceb34Timo Sirainen container. Several virtual interfaces can be assigned and used

f6e301cb2060c4367d8145e2bf5d553ba87ceb34Timo Sirainen in a container even if the system has only one physical

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen network interface.

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen </para>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <variablelist>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen <varlistentry>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <term>

407caeb5d0c8a6b158e2caef48dd909011d40340Timo Sirainen <option>lxc.network.type</option>

407caeb5d0c8a6b158e2caef48dd909011d40340Timo Sirainen </term>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <listitem>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <para>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen specify what kind of network virtualization to be used

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen for the container. Each time

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen a <option>lxc.network.type</option> field is found a new

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen round of network configuration begins. In this way,

ab1b9a793d57a60c230a41f65f1a25d52c026233Timo Sirainen several network virtualization types can be specified

a54fa00087ba926a3d966a8449d8d7579e89911cTimo Sirainen for the same container, as well as assigning several

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen network interfaces for one container. The different

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen virtualization types can be:

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen </para>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <para>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <option>empty:</option> will create only the loopback

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen interface.

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen </para>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <para>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <option>veth:</option> a peer network device is created

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen with one side assigned to the container and the other

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen side is attached to a bridge specified by

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen the <option>lxc.network.link</option>. If the bridge is

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen not specified, then the veth pair device will be created

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen but not attached to any bridge. Otherwise, the bridge

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen has to be setup before on the

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen system, <command>lxc</command> won't handle any

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen configuration outside of the container. By

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen default <command>lxc</command> choose a name for the

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen network device belonging to the outside of the

2cfe9983ce7a6280636ee12beccc2e865111967bTimo Sirainen container, this name is handled

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen by <command>lxc</command>, but if you wish to handle

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen this name yourself, you can tell <command>lxc</command>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen to set a specific name with

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen the <option>lxc.network.veth.pair</option> option.

f6e301cb2060c4367d8145e2bf5d553ba87ceb34Timo Sirainen </para>

f6e301cb2060c4367d8145e2bf5d553ba87ceb34Timo Sirainen

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <para>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <option>vlan:</option> a vlan interface is linked with

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen the interface specified by

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen the <option>lxc.network.link</option> and assigned to

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen the container. The vlan identifier is specified with the

1d132fe27d010b73aacc605b4c6257b0079f9e97Timo Sirainen option <option>lxc.network.vlan.id</option>.

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen </para>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <para>

1d132fe27d010b73aacc605b4c6257b0079f9e97Timo Sirainen <option>macvlan:</option> a macvlan interface is linked

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen with the interface specified by

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen the <option>lxc.network.link</option> and assigned to

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen the container.

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <option>lxc.network.macvlan.mode</option> specifies the

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen mode the macvlan will use to communicate between

1d132fe27d010b73aacc605b4c6257b0079f9e97Timo Sirainen different macvlan on the same upper device. The accepted

1d132fe27d010b73aacc605b4c6257b0079f9e97Timo Sirainen modes are <option>private</option>, the device never

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen communicates with any other device on the same upper_dev (default),

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <option>vepa</option>, the new Virtual Ethernet Port

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen Aggregator (VEPA) mode, it assumes that the adjacent

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen bridge returns all frames where both source and

f6e301cb2060c4367d8145e2bf5d553ba87ceb34Timo Sirainen destination are local to the macvlan port, i.e. the

f6e301cb2060c4367d8145e2bf5d553ba87ceb34Timo Sirainen bridge is set up as a reflective relay. Broadcast

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen frames coming in from the upper_dev get flooded to all

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen macvlan interfaces in VEPA mode, local frames are not

d16b506f5540e3407d256bda35624b38a5ecf88fTimo Sirainen delivered locallay, or <option>bridge</option>, it

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen provides the behavior of a simple bridge between

1d132fe27d010b73aacc605b4c6257b0079f9e97Timo Sirainen different macvlan interfaces on the same port. Frames

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen from one interface to another one get delivered directly

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen and are not sent out externally. Broadcast frames get

ab1b9a793d57a60c230a41f65f1a25d52c026233Timo Sirainen flooded to all other bridge ports and to the external

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen interface, but when they come back from a reflective

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen relay, we don't deliver them again. Since we know all

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen the MAC addresses, the macvlan bridge mode does not

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen require learning or STP like the bridge module does.

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen </para>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen <para>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen <option>phys:</option> an already existing interface

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen specified by the <option>lxc.network.link</option> is

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen assigned to the container.

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen </para>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen </listitem>

1d132fe27d010b73aacc605b4c6257b0079f9e97Timo Sirainen </varlistentry>

1d132fe27d010b73aacc605b4c6257b0079f9e97Timo Sirainen

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen <varlistentry>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <term>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <option>lxc.network.flags</option>

a0b89f3b1df99b3a32f44623f13ad1893118825bTimo Sirainen </term>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <listitem>

a0b89f3b1df99b3a32f44623f13ad1893118825bTimo Sirainen <para>

a99b64f7d63812806ee40c2e8a347343fa3b84a7Timo Sirainen specify an action to do for the

a99b64f7d63812806ee40c2e8a347343fa3b84a7Timo Sirainen network.

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen </para>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <para><option>up:</option> activates the interface.

a99b64f7d63812806ee40c2e8a347343fa3b84a7Timo Sirainen </para>

a99b64f7d63812806ee40c2e8a347343fa3b84a7Timo Sirainen </listitem>

a99b64f7d63812806ee40c2e8a347343fa3b84a7Timo Sirainen </varlistentry>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen

5fbf8719b9ef072295c16bc4492f9f0ece92117dTimo Sirainen <varlistentry>

5fbf8719b9ef072295c16bc4492f9f0ece92117dTimo Sirainen <term>

5fbf8719b9ef072295c16bc4492f9f0ece92117dTimo Sirainen <option>lxc.network.link</option>

5fbf8719b9ef072295c16bc4492f9f0ece92117dTimo Sirainen </term>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <listitem>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <para>

5fbf8719b9ef072295c16bc4492f9f0ece92117dTimo Sirainen specify the interface to be used for real network

5fbf8719b9ef072295c16bc4492f9f0ece92117dTimo Sirainen traffic.

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen </para>

a0b89f3b1df99b3a32f44623f13ad1893118825bTimo Sirainen </listitem>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen </varlistentry>

a99b64f7d63812806ee40c2e8a347343fa3b84a7Timo Sirainen

a99b64f7d63812806ee40c2e8a347343fa3b84a7Timo Sirainen <varlistentry>

a99b64f7d63812806ee40c2e8a347343fa3b84a7Timo Sirainen <term>

a99b64f7d63812806ee40c2e8a347343fa3b84a7Timo Sirainen <option>lxc.network.name</option>

a99b64f7d63812806ee40c2e8a347343fa3b84a7Timo Sirainen </term>

a99b64f7d63812806ee40c2e8a347343fa3b84a7Timo Sirainen <listitem>

a99b64f7d63812806ee40c2e8a347343fa3b84a7Timo Sirainen <para>

a99b64f7d63812806ee40c2e8a347343fa3b84a7Timo Sirainen the interface name is dynamically allocated, but if

a99b64f7d63812806ee40c2e8a347343fa3b84a7Timo Sirainen another name is needed because the configuration files

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen being used by the container use a generic name,

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen eg. eth0, this option will rename the interface in the

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen container.

5fbf8719b9ef072295c16bc4492f9f0ece92117dTimo Sirainen </para>

ab1b9a793d57a60c230a41f65f1a25d52c026233Timo Sirainen </listitem>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen </varlistentry>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen

1d132fe27d010b73aacc605b4c6257b0079f9e97Timo Sirainen <varlistentry>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen <term>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen <option>lxc.network.hwaddr</option>

ab1b9a793d57a60c230a41f65f1a25d52c026233Timo Sirainen </term>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen <listitem>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen <para>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen the interface mac address is dynamically allocated by

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen default to the virtual interface, but in some cases,

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen this is needed to resolve a mac address conflict or to

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen always have the same link-local ipv6 address

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen </para>

af98c413eebe0c8c49fbe785fc34915c92ebe8c1Timo Sirainen </listitem>

af98c413eebe0c8c49fbe785fc34915c92ebe8c1Timo Sirainen </varlistentry>

af98c413eebe0c8c49fbe785fc34915c92ebe8c1Timo Sirainen

af98c413eebe0c8c49fbe785fc34915c92ebe8c1Timo Sirainen <varlistentry>

9349a0afffad990e45d3ad33081e1d2d9e68a753Timo Sirainen <term>

4c9c55e15f35474f53f11659e796c63b1c34e884Timo Sirainen <option>lxc.network.ipv4</option>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen </term>

4c9c55e15f35474f53f11659e796c63b1c34e884Timo Sirainen <listitem>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <para>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen specify the ipv4 address to assign to the virtualized

a94936bafd127680184da114c6a177b37ff656e5Timo Sirainen interface. Several lines specify several ipv4 addresses.

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen The address is in format x.y.z.t/m,

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen eg. 192.168.1.123/24.

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen </para>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen </listitem>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen </varlistentry>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen

ab1b9a793d57a60c230a41f65f1a25d52c026233Timo Sirainen <varlistentry>

ab1b9a793d57a60c230a41f65f1a25d52c026233Timo Sirainen <term>

ab1b9a793d57a60c230a41f65f1a25d52c026233Timo Sirainen <option>lxc.network.ipv6</option>

ab1b9a793d57a60c230a41f65f1a25d52c026233Timo Sirainen </term>

ab1b9a793d57a60c230a41f65f1a25d52c026233Timo Sirainen <listitem>

ab1b9a793d57a60c230a41f65f1a25d52c026233Timo Sirainen <para>

ab1b9a793d57a60c230a41f65f1a25d52c026233Timo Sirainen specify the ipv6 address to assign to the virtualized

ab1b9a793d57a60c230a41f65f1a25d52c026233Timo Sirainen interface. Several lines specify several ipv6 addresses.

ab1b9a793d57a60c230a41f65f1a25d52c026233Timo Sirainen The address is in format x::y/m,

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen eg. 2003:db8:1:0:214:1234:fe0b:3596/64

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen </para>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen </listitem>

a94936bafd127680184da114c6a177b37ff656e5Timo Sirainen </varlistentry>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen </variablelist>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen

af98c413eebe0c8c49fbe785fc34915c92ebe8c1Timo Sirainen </refsect2>

ab1b9a793d57a60c230a41f65f1a25d52c026233Timo Sirainen

dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen <refsect2>

22627da0fb77c1d0d9a8e8bc485ef5540b6f2e69Timo Sirainen <title>New pseudo tty instance (devpts)</title>

3e28b527dd6048a40684afd29cff0ee008fc0014Timo Sirainen <para>

3e28b527dd6048a40684afd29cff0ee008fc0014Timo Sirainen For stricter isolation the container can have its own private

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen instance of the pseudo tty.

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen </para>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen <variablelist>

ccffb125d94adff0ad776de5a96e22f864d6fb0aTimo Sirainen <varlistentry>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen <term>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen <option>lxc.pts</option>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen </term>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen <listitem>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen <para>

ab1b9a793d57a60c230a41f65f1a25d52c026233Timo Sirainen If set, the container will have a new pseudo tty

ccffb125d94adff0ad776de5a96e22f864d6fb0aTimo Sirainen instance, making this private to it. The value specifies

ccffb125d94adff0ad776de5a96e22f864d6fb0aTimo Sirainen the maximum number of pseudo ttys allowed for a pts

2cfe9983ce7a6280636ee12beccc2e865111967bTimo Sirainen instance (this limitation is not implemented yet).

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen </para>

c44f402f17f9a58ead24ac0083945cae86fb172bTimo Sirainen </listitem>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen </varlistentry>

f6e301cb2060c4367d8145e2bf5d553ba87ceb34Timo Sirainen </variablelist>

f6e301cb2060c4367d8145e2bf5d553ba87ceb34Timo Sirainen </refsect2>

c44f402f17f9a58ead24ac0083945cae86fb172bTimo Sirainen

f6e301cb2060c4367d8145e2bf5d553ba87ceb34Timo Sirainen <refsect2>

f6e301cb2060c4367d8145e2bf5d553ba87ceb34Timo Sirainen <title>Console through the ttys</title>

f6e301cb2060c4367d8145e2bf5d553ba87ceb34Timo Sirainen <para>

f6e301cb2060c4367d8145e2bf5d553ba87ceb34Timo Sirainen If the container is configured with a root filesystem and the

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen inittab file is setup to launch a getty on the ttys. This

f6e301cb2060c4367d8145e2bf5d553ba87ceb34Timo Sirainen option will specify the number of ttys to be available for the

c44f402f17f9a58ead24ac0083945cae86fb172bTimo Sirainen container. The number of getty in the inittab file of the

c44f402f17f9a58ead24ac0083945cae86fb172bTimo Sirainen container should not be greater than the number of ttys

c44f402f17f9a58ead24ac0083945cae86fb172bTimo Sirainen specified in this configuration file, otherwise the excess

c44f402f17f9a58ead24ac0083945cae86fb172bTimo Sirainen getty sessions will die and respawn indefinitly giving

c44f402f17f9a58ead24ac0083945cae86fb172bTimo Sirainen annoying messages on the console.

c44f402f17f9a58ead24ac0083945cae86fb172bTimo Sirainen </para>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <variablelist>

f6e301cb2060c4367d8145e2bf5d553ba87ceb34Timo Sirainen <varlistentry>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen <term>

f6e301cb2060c4367d8145e2bf5d553ba87ceb34Timo Sirainen <option>lxc.tty</option>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen </term>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <listitem>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <para>

dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen Specify the number of tty to make available to the

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen container.

dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen </para>

dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen </listitem>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen </varlistentry>

dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen </variablelist>

b457d2ecf97fb52064f9dd563fd4e8065af39dfbTimo Sirainen </refsect2>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen <refsect2>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <title>Mount points</title>

a1aaf11831cab8346d6d0dc702e37b3f1d95eb43Timo Sirainen <para>

a1aaf11831cab8346d6d0dc702e37b3f1d95eb43Timo Sirainen The mount points section specifies the different places to be

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen mounted. These mount points will be private to the container

a1aaf11831cab8346d6d0dc702e37b3f1d95eb43Timo Sirainen and won't be visible by the processes running outside of the

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen container. This is useful to mount /etc, /var or /home for

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen examples.

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen </para>

c44f402f17f9a58ead24ac0083945cae86fb172bTimo Sirainen <variablelist>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen <varlistentry>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <term>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen <option>lxc.mount</option>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen </term>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <listitem>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <para>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen specify a file location in

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen the <filename>fstab</filename> format, containing the

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen mount informations.

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen </para>

1ac19c5c2b66a12f5598792aad15114ee3eb62e2Timo Sirainen </listitem>

e20e638805c4bd54e039891a3e92760b1dfa189aTimo Sirainen </varlistentry>

1ac19c5c2b66a12f5598792aad15114ee3eb62e2Timo Sirainen

e20e638805c4bd54e039891a3e92760b1dfa189aTimo Sirainen <varlistentry>

e20e638805c4bd54e039891a3e92760b1dfa189aTimo Sirainen <term>

1ac19c5c2b66a12f5598792aad15114ee3eb62e2Timo Sirainen <option>lxc.mount.entry</option>

1ac19c5c2b66a12f5598792aad15114ee3eb62e2Timo Sirainen </term>

1ac19c5c2b66a12f5598792aad15114ee3eb62e2Timo Sirainen <listitem>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <para>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen specify a mount point corresponding to a line in the

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen fstab format.

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen </para>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen </listitem>

dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen </varlistentry>

dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen

dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen </variablelist>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen </refsect2>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen

f6e301cb2060c4367d8145e2bf5d553ba87ceb34Timo Sirainen <refsect2>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen <title>Root file system</title>

68f0dfb4b2815ecbc1bd8d8a68adcfd577ec55aeTimo Sirainen <para>

e958a3c4573058f17999f0083a34080ca35e34d8Timo Sirainen The root file system is the location where the container will

e958a3c4573058f17999f0083a34080ca35e34d8Timo Sirainen chroot.

e958a3c4573058f17999f0083a34080ca35e34d8Timo Sirainen </para>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen <variablelist>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen <varlistentry>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen <term>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen <option>lxc.rootfs</option>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen </term>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen <listitem>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen <para>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen specify a file location containing the new file tree for

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen a root file system.

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen </para>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen </listitem>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen </varlistentry>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen </variablelist>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen </refsect2>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen <refsect2>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen <title>Control group</title>

68f0dfb4b2815ecbc1bd8d8a68adcfd577ec55aeTimo Sirainen <para>

1856c361aad526948d56d8aafd576bca94516b92Timo Sirainen The control group section contains the configuration for the

1856c361aad526948d56d8aafd576bca94516b92Timo Sirainen different subsystem. <command>lxc</command> does not check the

68f0dfb4b2815ecbc1bd8d8a68adcfd577ec55aeTimo Sirainen correctness of the subsystem name. This has the disadvantage

3656c91dcb8336814bebd4500e81c3dde25233e6Timo Sirainen of not detecting configuration errors until the container is

dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen started, but has the advantage of permitting any future

dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen subsystem.

2cfe9983ce7a6280636ee12beccc2e865111967bTimo Sirainen </para>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <variablelist>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <varlistentry>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <term>

f6e301cb2060c4367d8145e2bf5d553ba87ceb34Timo Sirainen <option>lxc.cgroup.[subsystem name]</option>

f6e301cb2060c4367d8145e2bf5d553ba87ceb34Timo Sirainen </term>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <listitem>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <para>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen specify the control group value to be set. The

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen subsystem name is the literal name of the control group

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen subsystem. The permitted names and the syntax of their

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen values is not dictated by LXC, instead it depends on the

f6e301cb2060c4367d8145e2bf5d553ba87ceb34Timo Sirainen features of the Linux kernel running at the time the

f6e301cb2060c4367d8145e2bf5d553ba87ceb34Timo Sirainen container is started,

f6e301cb2060c4367d8145e2bf5d553ba87ceb34Timo Sirainen eg. <option>lxc.cgroup.cpuset.cpus</option>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen </para>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen </listitem>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen </varlistentry>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen </variablelist>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen </refsect2>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <refsect2>

2cfe9983ce7a6280636ee12beccc2e865111967bTimo Sirainen <title>Capabilities</title>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <para>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen The capabilities can be dropped in the container if this one

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen is run as root.

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen </para>

f6e301cb2060c4367d8145e2bf5d553ba87ceb34Timo Sirainen <variablelist>

f6e301cb2060c4367d8145e2bf5d553ba87ceb34Timo Sirainen <varlistentry>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <term>

f6e301cb2060c4367d8145e2bf5d553ba87ceb34Timo Sirainen <option>lxc.cap.drop</option>

f6e301cb2060c4367d8145e2bf5d553ba87ceb34Timo Sirainen </term>

f6e301cb2060c4367d8145e2bf5d553ba87ceb34Timo Sirainen <listitem>

f6e301cb2060c4367d8145e2bf5d553ba87ceb34Timo Sirainen <para>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen Specify the capability to be dropped in the container. A

f6e301cb2060c4367d8145e2bf5d553ba87ceb34Timo Sirainen single line defining several capabilities with a space

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen separation is allowed. The format is the lower case of

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen the capability definition without the "CAP_" prefix,

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen eg. CAP_SYS_MODULE should be specified as

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen sys_module. See

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <citerefentry>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <refentrytitle><command>capabilities</command></refentrytitle>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <manvolnum>7</manvolnum>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen </citerefentry>,

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen </para>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen </listitem>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen </varlistentry>

f119596e34bc4a7ce374f4aa5f4f1eb12061a372Timo Sirainen </variablelist>

f119596e34bc4a7ce374f4aa5f4f1eb12061a372Timo Sirainen </refsect2>

f119596e34bc4a7ce374f4aa5f4f1eb12061a372Timo Sirainen

f119596e34bc4a7ce374f4aa5f4f1eb12061a372Timo Sirainen </refsect1>

5fbf8719b9ef072295c16bc4492f9f0ece92117dTimo Sirainen

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen <refsect1>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen <title>Examples</title>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen <para>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen In addition to the few examples given below, you will find

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen some other examples of configuration file in @DOCDIR@/examples

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen </para>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <refsect2>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <title>Network</title>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <para>This configuration sets up a container to use a veth pair

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen device with one side plugged to a bridge br0 (which has been

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen configured before on the system by the administrator). The

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen virtual network device visible in the container is renamed to

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen eth0.</para>

294c71436de227178c709e4d498e7be9b5d8d7feTimo Sirainen <programlisting>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen lxc.utsname = myhostname

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen lxc.network.type = veth

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen lxc.network.flags = up

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen lxc.network.link = br0

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen lxc.network.name = eth0

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen lxc.network.hwaddr = 4a:49:43:49:79:bf

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen lxc.network.ipv4 = 1.2.3.5/24

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen lxc.network.ipv6 = 2003:db8:1:0:214:1234:fe0b:3597

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen </programlisting>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen </refsect2>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <refsect2>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <title>Control group</title>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <para>This configuration will setup several control groups for

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen the application, cpuset.cpus restricts usage of the defined cpu,

dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen cpus.share prioritize the control group, devices.allow makes

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen usable the specified devices.</para>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <programlisting>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen lxc.cgroup.cpuset.cpus = 0,1

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen lxc.cgroup.cpu.shares = 1234

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen lxc.cgroup.devices.deny = a

13a8c553f293349248b161ff851743498916e26eTimo Sirainen lxc.cgroup.devices.allow = c 1:3 rw

13a8c553f293349248b161ff851743498916e26eTimo Sirainen lxc.cgroup.devices.allow = b 8:0 rw

24ce0c343cefe54af841871fa39dbc3464028b06Timo Sirainen </programlisting>

24ce0c343cefe54af841871fa39dbc3464028b06Timo Sirainen </refsect2>

24ce0c343cefe54af841871fa39dbc3464028b06Timo Sirainen

24ce0c343cefe54af841871fa39dbc3464028b06Timo Sirainen <refsect2>

24ce0c343cefe54af841871fa39dbc3464028b06Timo Sirainen <title>Complex configuration</title>

24ce0c343cefe54af841871fa39dbc3464028b06Timo Sirainen <para>This example show a complex configuration making a complex

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen network stack, using the control groups, setting a new hostname,

9fcf7b79236b0045f7709718f7b65ada516565e7Timo Sirainen mounting some locations and a changing root file system.</para>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen <programlisting>

9fcf7b79236b0045f7709718f7b65ada516565e7Timo Sirainen lxc.utsname = complex

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen lxc.network.type = veth

a10ed8c47534b4c6b6bf2711ccfe577e720a47b4Timo Sirainen lxc.network.flags = up

a10ed8c47534b4c6b6bf2711ccfe577e720a47b4Timo Sirainen lxc.network.link = br0

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen lxc.network.hwaddr = 4a:49:43:49:79:bf

a10ed8c47534b4c6b6bf2711ccfe577e720a47b4Timo Sirainen lxc.network.ipv4 = 1.2.3.5/24

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen lxc.network.ipv6 = 2003:db8:1:0:214:1234:fe0b:3597

24ce0c343cefe54af841871fa39dbc3464028b06Timo Sirainen lxc.network.ipv6 = 2003:db8:1:0:214:5432:feab:3588

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen lxc.network.type = macvlan

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen lxc.network.flags = up

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen lxc.network.link = eth0

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen lxc.network.hwaddr = 4a:49:43:49:79:bd

24ce0c343cefe54af841871fa39dbc3464028b06Timo Sirainen lxc.network.ipv4 = 1.2.3.4/24

24ce0c343cefe54af841871fa39dbc3464028b06Timo Sirainen lxc.network.ipv4 = 192.168.10.125/24

24ce0c343cefe54af841871fa39dbc3464028b06Timo Sirainen lxc.network.ipv6 = 2003:db8:1:0:214:1234:fe0b:3596

24ce0c343cefe54af841871fa39dbc3464028b06Timo Sirainen lxc.network.type = phys

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen lxc.network.flags = up

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen lxc.network.link = dummy0

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen lxc.network.hwaddr = 4a:49:43:49:79:ff

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen lxc.network.ipv4 = 1.2.3.6/24

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen lxc.network.ipv6 = 2003:db8:1:0:214:1234:fe0b:3297

5fbf8719b9ef072295c16bc4492f9f0ece92117dTimo Sirainen lxc.cgroup.cpuset.cpus = 0,1

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen lxc.cgroup.cpu.shares = 1234

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen lxc.cgroup.devices.deny = a

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen lxc.cgroup.devices.allow = c 1:3 rw

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen lxc.cgroup.devices.allow = b 8:0 rw

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen lxc.mount = /etc/fstab.complex

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen lxc.mount.entry = /lib /root/myrootfs/lib none ro,bind 0 0

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen lxc.rootfs = /mnt/rootfs.complex

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen lxc.cap.drop = sys_module mknod setuid net_raw

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen lxc.cap.drop = mac_override

3656c91dcb8336814bebd4500e81c3dde25233e6Timo Sirainen </programlisting>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen </refsect2>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen </refsect1>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen <refsect1>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen <title>See Also</title>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <simpara>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <citerefentry>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <refentrytitle><command>chroot</command></refentrytitle>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <manvolnum>1</manvolnum>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen </citerefentry>,

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen

3656c91dcb8336814bebd4500e81c3dde25233e6Timo Sirainen <citerefentry>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <refentrytitle><command>pivot_root</command></refentrytitle>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <manvolnum>8</manvolnum>

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen </citerefentry>,

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen

6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen <citerefentry>

dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen <refentrytitle><filename>fstab</filename></refentrytitle>

dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen <manvolnum>5</manvolnum>

dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen </citerefentry>

dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen

dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen </simpara>

dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen </refsect1>

dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen &seealso;

dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen

36c4702131e5a04984ad5d07cf5d8d5c633d43c3Timo Sirainen <refsect1>

36c4702131e5a04984ad5d07cf5d8d5c633d43c3Timo Sirainen <title>Author</title>

ab1b9a793d57a60c230a41f65f1a25d52c026233Timo Sirainen <para>Daniel Lezcano <email>daniel.lezcano@free.fr</email></para>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen </refsect1>

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen

6b2738c39a868ff9291867138c55029fc40cf105Timo Sirainen</refentry>

5fe06fea9fee0f5e4e9cb49f6866877223f78b85Timo Sirainen

36c4702131e5a04984ad5d07cf5d8d5c633d43c3Timo Sirainen