Provided by: lxc_0.6.3-1_i386 bug

NAME

       lxc.conf - linux container configuration file

DESCRIPTION

       The  linux  containers (lxc) are always created before being used. This
       creation defines a set of system resources to be virtualized / isolated
       when  a  process is using the container. By default, the pids, sysv ipc
       and mount  points  are  virtualized  and  isolated.  The  other  system
       resources  are  shared  across  containers,  until  they are explicitly
       defined in the configuration file. For example, if there is no  network
       configuration,  the  network  will be shared between the creator of the
       container and the container itself, but if the network is specified,  a
       new network stack is created for the container and the container can no
       longer use the network of its ancestor.

       The configuration file defines the different  system  resources  to  be
       assigned  for  the container. At present, the utsname, the network, the
       mount  points,  the  root  file  system  and  the  control  groups  are
       supported.

       Each  option in the configuration file has the form key = value fitting
       in one line. The ’#’ caracter means the line is a comment.

   HOSTNAME
       The utsname section defines the hostname to be set for  the  container.
       That  means the container can set its own hostname without changing the
       one from the system. That makes the hostname private for the container.

            lxc.utsname
              specify the hostname for the container

   NETWORK
       The  network  section  defines  how  the  network is virtualized in the
       container. The network virtualization acts at  the  layer  two,  so  in
       order  to  use  the  network,  a few information should be specified to
       define the network interfaces to be  used  by  the  container.  Several
       virtual  interfaces  can  be assigned and used in a container either if
       the system has only one physical network interface.

            lxc.network.type
              specify what kind of network virtualization to be used  for  the
              container.  Each  time  a  lxc.network.type field is found a new
              round of network  configuration  begins.  By  this  way  several
              network  virtualization can be specified for the same container,
              as  well  as  assigning  several  network  interfaces  for   one
              container. The different virtualization types can be:

              empty:  a new network stack is created for the container, but it
              will not contain any network interface.

              veth: a new network stack is created, a peer network  device  is
              created  with  one  side assigned to the container and the other
              side attached to a bridge specified by the lxc.network.link. The
              bridge  has  to  be setup before on the system, lxc won’t handle
              configuration outside of the container.

              macvlan: a new network stack is created, a macvlan interface  is
              linked  with the interface specified by the lxc.network.link and
              assigned to the container.

              phys: a new network stack is created and the interface specified
              by the lxc.network.link is assigned to the container.

            lxc.network.flags
              specify an action to do for the network.

              up: activates the interface.

            lxc.network.link
              specify the interface to be used for real network traffic.

            lxc.network.name
              the  interface  name  is  dynamically allocated, but if an other
              name is needed because the configuration files being used by the
              container  use a generic name, eg. eth0, this option will rename
              the interface in the container.

            lxc.network.hwaddr
              the interface mac address is dynamically allocated by default to
              the  virtual  interface,  but  in  some  case, this is needed to
              resolve a mac address conflict or to have always the same  link-
              locak ipv6 address.

            lxc.network.ipv4
              specify the ipv4 address to assign to the virtualized interface.
              Several lines specify several ipv4 addresses.  The address is in
              format x.y.z.t/m, eg. 192.168.1.123/24.

            lxc.network.ipv6
              specify the ipv6 address to assign to the virtualized interface.
              Several lines specify several ipv6 addresses.  The address is in
              format x::y/m, eg. 2003:db8:1:0:214:1234:fe0b:3596/64

   NEW PSEUDO TTY INSTANCE (DEVPTS)
       For  stricter isolation the container can have its own private instance
       of the pseudo tty.

            lxc.pts
              If set, the container will  have  a  new  pseudo  tty  instance,
              making  this  private  to  it.  The  value specifies the maximum
              number  of  pseudo  ttys  allowed  for  a  pts  instance   (this
              limitation is not implemented yet).

   CONSOLE THROUGH THE TTYS
       If  the  container is configured with a root filesystem and the inittab
       file is setup to launch a getty on the ttys. This option  will  specify
       the  number  of  ttys  to be available for the container. The number of
       getty in the inittab file of  the  container  and  the  number  of  tty
       specified  in  this  configuration  file should be equal, otherwise the
       getty will die and respawn indefinitly giving annoying messages on  the
       console.

            lxc.tty
              Specify the number of tty to make available to the container.

   MOUNT POINTS
       The  mount points section specifies the different places to be mounted.
       These mount points will be  private  to  the  container  and  won’t  be
       visible  by  the  processes  running  outside of the container. This is
       useful to mount /etc, /var or /home for examples.

            lxc.mount
              specify a file location in  the  fstab  format,  containing  the
              mount informations.

   ROOT FILE SYSTEM
       The root file system is the location where the container will chroot.

            lxc.rootfs
              specify  a file location containing the new file tree for a root
              file system.

   CONTROL GROUP
       The control group section contains the configuration for the  different
       subsystem.  lxc  does  not check the correctness of the subsystem name.
       This has the inconvenient to have the error being detected at  runtime,
       but the advantage to support any future subsystem.

            lxc.cgroup.[subsystem name]
              specify  the  control  group  value to be set. This field is the
              identifier to tell the following keyword is the literal name  of
              the control group subsystem, eg. lxc.cgroup.cpuset.cpus

EXAMPLES

   NETWORK
       This  configuration  sets up a container to use a veth pair device with
       one side plugged to a bridge br0 (which has been configured  before  on
       the system by the administrator). The virtual network device visible in
       the container is renamed to eth0.

       lxc.utsname = myhostname

       lxc.network.type = veth

       lxc.network.flags = up

       lxc.network.link = br0

       lxc.network.name = eth0

       lxc.network.hwaddr = 4a:49:43:49:79:bf

       lxc.network.ipv4 = 1.2.3.5/24

       lxc.network.ipv6 = 2003:db8:1:0:214:1234:fe0b:3597

   CONTROL GROUP
       This  configuration  will  setup  several  control   groups   for   the
       application, cpuset.cpus restricts usage of the defined cpu, cpus.share
       prioritize the control group, devices.allow makes usable the  specified
       devices.

       lxc.cgroup.cpuset.cpus = 0,1

       lxc.cgroup.cpu.shares = 1234

       lxc.cgroup.devices.deny = a

       lxc.cgroup.devices.allow = c 1:3 rw

       lxc.cgroup.devices.allow = b 8:0 rw

   COMPLEX CONFIGURATION
       This  example  show  a  complex  configuration making a complex network
       stack, using the control groups, setting a new hostname, mounting  some
       locations and a changing the root file system.

       lxc.utsname = complex

       lxc.network.type = veth

       lxc.network.flags = up

       lxc.network.link = br0

       lxc.network.hwaddr = 4a:49:43:49:79:bf

       lxc.network.ipv4 = 1.2.3.5/24

       lxc.network.ipv6 = 2003:db8:1:0:214:1234:fe0b:3597

       lxc.network.ipv6 = 2003:db8:1:0:214:5432:feab:3588

       lxc.network.type = macvlan

       lxc.network.flags = up

       lxc.network.link = eth0

       lxc.network.hwaddr = 4a:49:43:49:79:bd

       lxc.network.ipv4 = 1.2.3.4/24

       lxc.network.ipv4 = 192.168.10.125/24

       lxc.network.ipv6 = 2003:db8:1:0:214:1234:fe0b:3596

       lxc.network.type = phys

       lxc.network.flags = up

       lxc.network.link = dummy0

       lxc.network.hwaddr = 4a:49:43:49:79:ff

       lxc.network.ipv4 = 1.2.3.6/24

       lxc.network.ipv6 = 2003:db8:1:0:214:1234:fe0b:3297

       lxc.cgroup.cpuset.cpus = 0,1

       lxc.cgroup.cpu.shares = 1234

       lxc.cgroup.devices.deny = a

       lxc.cgroup.devices.allow = c 1:3 rw

       lxc.cgroup.devices.allow = b 8:0 rw

       lxc.mount = /etc/fstab.complex

       lxc.rootfs = /mnt/rootfs.complex

SEE ALSO

       chroot(1), pivot_root(8), fstab(5)

SEE ALSO

       lxc(1),  lxc-create(1), lxc-destroy(1), lxc-start(1), lxc-stop(1), lxc-
       execute(1), lxc-console(1), lxc-monitor(1), lxc-wait(1), lxc-cgroup(1),
       lxc-ls(1),   lxc-ps(1),  lxc-info(1),  lxc-freeze(1),  lxc-unfreeze(1),
       lxc.conf(5)

AUTHOR

       Daniel Lezcano <daniel.lezcano@free.fr>

                                03 August 2009                     LXC.CONF(5)