[lxc-users] Creating a Linux container that is just a sandbox of my actual installation

james harvey jamespharvey20 at gmail.com
Mon Jun 1 02:06:07 UTC 2015


> If it's only "keep the files separate", then overlayfs should do the job.
>
> Note that due to the nature of overlayfs, I wouldn't recommend RELYING
> on packages upgraded on the host to be available on the container.
> During your container customization, it's possible that you broke the
> link (e.g. by installing some package on the container, whose
> dependency might cause another package to be upgraded on the
> container).

Thanks for pointing that out!

> Something like this should work:
>
> - create a new container config, in the example "overlay" is the
> container name and the config file is "/var/lib/lxc/overlay/config"
>
> #===
> # Distribution configuration
> # Change to correct config for your distro
> lxc.include = /usr/share/lxc/config/ubuntu.common.conf
> lxc.arch = x86_64
>
> # Container specific configuration
> lxc.rootfs = overlayfs:/:/var/lib/lxc/overlay/rw
> lxc.utsname = overlay
>
> # Network configuration
> lxc.network.type = veth
> lxc.network.link = lxcbr0
> lxc.network.flags = up
> # Use persistent MAC
> lxc.network.hwaddr = 00:16:3E:2A:96:C1
> #===
>
> - create overlay rw dir
> # mkdir -p /var/lib/lxc/overlay/rw
>
> - create customizations for the container. For example: /etc/fstab
> (container's fstab should be empty), /etc/network/interfaces, and
> probably disable lxcbr0 on the container
> # mkdir -p /var/lib/lxc/overlay/rw/etc/
> # vi /var/lib/lxc/overlay/rw/etc/fstab
>
> ... and so on
>
> - start the container
> # lxc-start -F -n overlay

Thanks!  Got it working.

Is there any way to have the container run alongside the processes
already running in the host, rather than booting (what in my case is
a) another version of what's running on the host?

Also, in case someone wants to do this on Fedora, I also had to:
mkdir /var/lib/lxc/overlay/olwork
modprobe overlay && echo "overlay" > /etc/modules-load.d/overlayfs.conf
dnf install policycoreutils-python
lxc-start -F -n overlay
grep lxc /var/log/audit/audit.log | audit2allow -M lxcpolicy
semodule -i lxcpolicy.pp
lxc-start -F -n overlay
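
The `grep lxc ... | audit2allow -M lxcpolicy` step above turns every matching denial into an allow rule. The following is an added example, not part of the original post: it groups the denials that `grep lxc` would select by source type, target type and class, so the rules can be read before the module is installed. The log lines, the `*_demo_t` type names and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in audit.log AVC format (not from a real system).
SAMPLE_LOG = """\
type=AVC msg=audit(1433124001.101:210): avc:  denied  { mounton } for  pid=2301 comm="lxc-start" path="/usr/lib64/lxc/rootfs" dev="dm-0" ino=131 scontext=system_u:system_r:lxc_demo_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1433124001.140:211): avc:  denied  { read write } for  pid=2301 comm="lxc-start" name="0" dev="devpts" ino=3 scontext=system_u:system_r:lxc_demo_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file permissive=0
type=AVC msg=audit(1433124001.152:212): avc:  denied  { ioctl } for  pid=2301 comm="lxc-start" name="0" dev="devpts" ino=3 scontext=system_u:system_r:lxc_demo_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file permissive=0
type=AVC msg=audit(1433124090.007:230): avc:  denied  { read } for  pid=2410 comm="rsync" path="/var/lib/lxc/overlay/rw/etc/shadow" dev="dm-0" ino=977 scontext=system_u:system_r:backup_demo_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=0
type=AVC msg=audit(1433124095.300:231): avc:  denied  { name_bind } for  pid=2500 comm="httpd" src=8081 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_demo_t:s0 tclass=tcp_socket permissive=0
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?'
    r'comm="(?P<comm>[^"]*)".*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)'
)

def selinux_type(context):
    return context.split(":")[2]  # user:role:type:level -> type

def summarize_denials(log_text, keyword="lxc"):
    """Group the AVC denials that `grep keyword` selects by (source, target, class)."""
    rules = defaultdict(lambda: {"perms": set(), "comms": set()})
    for line in log_text.splitlines():
        m = AVC_RE.search(line) if keyword in line else None
        if not m:
            continue
        key = (selinux_type(m["scon"]), selinux_type(m["tcon"]), m["tclass"])
        rules[key]["perms"].update(m["perms"].split())
        rules[key]["comms"].add(m["comm"])
    return dict(rules)

def format_report(rules):
    """Render each group as an allow-rule-shaped line, noting which commands triggered it."""
    lines = []
    for (src, tgt, cls), info in sorted(rules.items()):
        perms = " ".join(sorted(info["perms"]))
        comms = ",".join(sorted(info["comms"]))
        lines.append(f"allow {src} {tgt}:{cls} {{ {perms} }};  # from: {comms}")
    return lines

if __name__ == "__main__":
    print("\n".join(format_report(summarize_denials(SAMPLE_LOG))))
```

In the constructed sample, the `rsync` denial matches `grep lxc` only because of its path, so it would end up in the generated module even though it did not come from `lxc-start`.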

