[lxc-users] Creating a Linux container that is just a sandbox of my actual installation

Fajar A. Nugraha list at fajar.net
Sun May 31 01:57:16 UTC 2015


On Sun, May 31, 2015 at 8:14 AM, james harvey <jamespharvey20 at gmail.com> wrote:
>>> What is your primary goal?
>
> ... Part of me is wondering if I can overlayfs everything, and chroot
> a terminal into the overlayfs mount.  Not too worried about malicious
> apps for my situation in Linux.  Just want to keep the files separate.

If it's only "keep the files separate", then overlayfs should do the job.

Note that due to the nature of overlayfs, I wouldn't recommend RELYING
on packages upgraded on the host to be available on the container.
During your container customization, it's possible that you broke the
link (e.g. by installing some package on the container, whose
dependency might cause another package to be upgraded on the
container).

Something like this should work:

- create a new container config, in the example "overlay" is the
container name and the config file is "/var/lib/lxc/overlay/config"

#===
# Distribution configuration
# Change to correct config for your distro
lxc.include = /usr/share/lxc/config/ubuntu.common.conf
lxc.arch = x86_64

# Container specific configuration
lxc.rootfs = overlayfs:/:/var/lib/lxc/overlay/rw
lxc.utsname = overlay

# Network configuration
lxc.network.type = veth
lxc.network.link = lxcbr0
lxc.network.flags = up
# Use persistent MAC
lxc.network.hwaddr = 00:16:3E:2A:96:C1
#===

- create overlay rw dir
# mkdir -p /var/lib/lxc/overlay/rw

- create customizations for the container. For example: /etc/fstab
(container's fstab should be empty), /etc/network/interfaces, and
probably disable lxcbr0 on the container
# mkdir -p /var/lib/lxc/overlay/rw/etc/
# vi /var/lib/lxc/overlay/rw/etc/fstab

... and so on

- start the container
# lxc-start -F -n overlay


Note that you'd need a supported filesystem for both the lower and
upperdir, ext4 works while zfs doesn't.

-- 
Fajar
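
The steps in the message above, collected into one script as an added example (not part of the original post and not LXC's own tooling); it refuses to continue when either layer sits on zfs, per the note about supported filesystems. The function names, the optional lower-directory argument and the use of GNU df are assumptions made for illustration, and the hwaddr line is omitted.

```shell
#!/bin/sh
# Added example (not from the original post): prepare the overlay container
# described above. LXC path and container name are caller-supplied assumptions.

# Filesystem type backing a path (GNU df); empty output if it cannot be read.
fs_type() {
    df --output=fstype "$1" 2>/dev/null | tail -n 1
}

# Per the post: ext4 works as lower/upper dir, zfs does not.
# Any other type is "untested" because the post does not cover it.
overlay_fs_status() {
    case "$1" in
        ext4) echo supported ;;
        zfs)  echo unsupported ;;
        *)    echo untested ;;
    esac
}

# prepare_overlay LXCPATH NAME [LOWER]
# Creates NAME/rw with an empty fstab and writes NAME/config.
prepare_overlay() {
    lxcpath=$1 name=$2 lower=${3:-/}
    rw="$lxcpath/$name/rw"
    mkdir -p "$rw/etc" || return 1
    # Refuse early if either layer is on a filesystem the post says fails.
    for dir in "$lower" "$rw"; do
        t=$(fs_type "$dir")
        if [ "$(overlay_fs_status "$t")" = unsupported ]; then
            echo "error: $dir is on $t, which does not work for this setup" >&2
            return 1
        fi
    done
    : > "$rw/etc/fstab"    # container's fstab should be empty
    cat > "$lxcpath/$name/config" <<EOF
lxc.include = /usr/share/lxc/config/ubuntu.common.conf
lxc.arch = x86_64
lxc.rootfs = overlayfs:$lower:$rw
lxc.utsname = $name
lxc.network.type = veth
lxc.network.link = lxcbr0
lxc.network.flags = up
EOF
}

# Run as: sh script.sh /var/lib/lxc overlay   (then: lxc-start -F -n overlay)
if [ "$#" -ge 2 ]; then prepare_overlay "$@"; fi
```

The overlay keeps the container's writes in the rw directory, but the lower layer is the host's /, so files on the host filesystem remain visible inside the container.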

