Provided by:
lxc_0.6.3-1_i386 
NAME
lxc.conf - linux container configuration file
DESCRIPTION
The linux containers (lxc) are always created before being used. This
creation defines a set of system resources to be virtualized / isolated
when a process is using the container. By default, the pids, sysv ipc
and mount points are virtualized and isolated. The other system
resources are shared across containers, until they are explicitly
defined in the configuration file. For example, if there is no network
configuration, the network will be shared between the creator of the
container and the container itself, but if the network is specified, a
new network stack is created for the container and the container can no
longer use the network of its ancestor.
The configuration file defines the different system resources to be
assigned for the container. At present, the utsname, the network, the
mount points, the root file system and the control groups are
supported.
Each option in the configuration file has the form key = value fitting
in one line. The ’#’ caracter means the line is a comment.
HOSTNAME
The utsname section defines the hostname to be set for the container.
That means the container can set its own hostname without changing the
one from the system. That makes the hostname private for the container.
lxc.utsname
specify the hostname for the container
NETWORK
The network section defines how the network is virtualized in the
container. The network virtualization acts at the layer two, so in
order to use the network, a few information should be specified to
define the network interfaces to be used by the container. Several
virtual interfaces can be assigned and used in a container either if
the system has only one physical network interface.
lxc.network.type
specify what kind of network virtualization to be used for the
container. Each time a lxc.network.type field is found a new
round of network configuration begins. By this way several
network virtualization can be specified for the same container,
as well as assigning several network interfaces for one
container. The different virtualization types can be:
empty: a new network stack is created for the container, but it
will not contain any network interface.
veth: a new network stack is created, a peer network device is
created with one side assigned to the container and the other
side attached to a bridge specified by the lxc.network.link. The
bridge has to be setup before on the system, lxc won’t handle
configuration outside of the container.
macvlan: a new network stack is created, a macvlan interface is
linked with the interface specified by the lxc.network.link and
assigned to the container.
phys: a new network stack is created and the interface specified
by the lxc.network.link is assigned to the container.
lxc.network.flags
specify an action to do for the network.
up: activates the interface.
lxc.network.link
specify the interface to be used for real network traffic.
lxc.network.name
the interface name is dynamically allocated, but if an other
name is needed because the configuration files being used by the
container use a generic name, eg. eth0, this option will rename
the interface in the container.
lxc.network.hwaddr
the interface mac address is dynamically allocated by default to
the virtual interface, but in some case, this is needed to
resolve a mac address conflict or to have always the same link-
locak ipv6 address.
lxc.network.ipv4
specify the ipv4 address to assign to the virtualized interface.
Several lines specify several ipv4 addresses. The address is in
format x.y.z.t/m, eg. 192.168.1.123/24.
lxc.network.ipv6
specify the ipv6 address to assign to the virtualized interface.
Several lines specify several ipv6 addresses. The address is in
format x::y/m, eg. 2003:db8:1:0:214:1234:fe0b:3596/64
NEW PSEUDO TTY INSTANCE (DEVPTS)
For stricter isolation the container can have its own private instance
of the pseudo tty.
lxc.pts
If set, the container will have a new pseudo tty instance,
making this private to it. The value specifies the maximum
number of pseudo ttys allowed for a pts instance (this
limitation is not implemented yet).
CONSOLE THROUGH THE TTYS
If the container is configured with a root filesystem and the inittab
file is setup to launch a getty on the ttys. This option will specify
the number of ttys to be available for the container. The number of
getty in the inittab file of the container and the number of tty
specified in this configuration file should be equal, otherwise the
getty will die and respawn indefinitly giving annoying messages on the
console.
lxc.tty
Specify the number of tty to make available to the container.
MOUNT POINTS
The mount points section specifies the different places to be mounted.
These mount points will be private to the container and won’t be
visible by the processes running outside of the container. This is
useful to mount /etc, /var or /home for examples.
lxc.mount
specify a file location in the fstab format, containing the
mount informations.
ROOT FILE SYSTEM
The root file system is the location where the container will chroot.
lxc.rootfs
specify a file location containing the new file tree for a root
file system.
CONTROL GROUP
The control group section contains the configuration for the different
subsystem. lxc does not check the correctness of the subsystem name.
This has the inconvenient to have the error being detected at runtime,
but the advantage to support any future subsystem.
lxc.cgroup.[subsystem name]
specify the control group value to be set. This field is the
identifier to tell the following keyword is the literal name of
the control group subsystem, eg. lxc.cgroup.cpuset.cpus
EXAMPLES
NETWORK
This configuration sets up a container to use a veth pair device with
one side plugged to a bridge br0 (which has been configured before on
the system by the administrator). The virtual network device visible in
the container is renamed to eth0.
lxc.utsname = myhostname
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0
lxc.network.name = eth0
lxc.network.hwaddr = 4a:49:43:49:79:bf
lxc.network.ipv4 = 1.2.3.5/24
lxc.network.ipv6 = 2003:db8:1:0:214:1234:fe0b:3597
CONTROL GROUP
This configuration will setup several control groups for the
application, cpuset.cpus restricts usage of the defined cpu, cpus.share
prioritize the control group, devices.allow makes usable the specified
devices.
lxc.cgroup.cpuset.cpus = 0,1
lxc.cgroup.cpu.shares = 1234
lxc.cgroup.devices.deny = a
lxc.cgroup.devices.allow = c 1:3 rw
lxc.cgroup.devices.allow = b 8:0 rw
COMPLEX CONFIGURATION
This example show a complex configuration making a complex network
stack, using the control groups, setting a new hostname, mounting some
locations and a changing the root file system.
lxc.utsname = complex
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0
lxc.network.hwaddr = 4a:49:43:49:79:bf
lxc.network.ipv4 = 1.2.3.5/24
lxc.network.ipv6 = 2003:db8:1:0:214:1234:fe0b:3597
lxc.network.ipv6 = 2003:db8:1:0:214:5432:feab:3588
lxc.network.type = macvlan
lxc.network.flags = up
lxc.network.link = eth0
lxc.network.hwaddr = 4a:49:43:49:79:bd
lxc.network.ipv4 = 1.2.3.4/24
lxc.network.ipv4 = 192.168.10.125/24
lxc.network.ipv6 = 2003:db8:1:0:214:1234:fe0b:3596
lxc.network.type = phys
lxc.network.flags = up
lxc.network.link = dummy0
lxc.network.hwaddr = 4a:49:43:49:79:ff
lxc.network.ipv4 = 1.2.3.6/24
lxc.network.ipv6 = 2003:db8:1:0:214:1234:fe0b:3297
lxc.cgroup.cpuset.cpus = 0,1
lxc.cgroup.cpu.shares = 1234
lxc.cgroup.devices.deny = a
lxc.cgroup.devices.allow = c 1:3 rw
lxc.cgroup.devices.allow = b 8:0 rw
lxc.mount = /etc/fstab.complex
lxc.rootfs = /mnt/rootfs.complex
SEE ALSO
chroot(1), pivot_root(8), fstab(5)
SEE ALSO
lxc(1), lxc-create(1), lxc-destroy(1), lxc-start(1), lxc-stop(1), lxc-
execute(1), lxc-console(1), lxc-monitor(1), lxc-wait(1), lxc-cgroup(1),
lxc-ls(1), lxc-ps(1), lxc-info(1), lxc-freeze(1), lxc-unfreeze(1),
lxc.conf(5)
AUTHOR
Daniel Lezcano <daniel.lezcano@free.fr>
03 August 2009 LXC.CONF(5)