http://www.funtoo.org/index.php?title=Linux_Containers&feed=atom&action=history Linux Containers - Revision history 2013-05-18T23:00:05Z Revision history for this page on the wiki MediaWiki 1.20.4 http://www.funtoo.org/index.php?title=Linux_Containers&diff=8920&oldid=prev 24.184.214.10: /* Install LXC kernel */ 2013-02-12T01:44:20Z <p>‎<span dir="auto"><span class="autocomment">Install LXC kernel</span></span></p> <table class='diff diff-contentalign-left'> <col class='diff-marker' /> <col class='diff-content' /> <col class='diff-marker' /> <col class='diff-content' /> <tr style='vertical-align: top;'> <td colspan='2' style="background-color: white; color:black;">← Older revision</td> <td colspan='2' style="background-color: white; color:black;">Revision as of 01:44, 12 February 2013</td> </tr><tr><td colspan="2" class="diff-lineno">Line 17:</td> <td colspan="2" class="diff-lineno">Line 17:</td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"><div>**** Networking - depends on NET_9P = n</div></td><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"><div>**** Networking - depends on NET_9P = n</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"><div>**** Filesystems - 9P_FS = n, AFS_FS = n, AUTOFS4_FS = n, CEPH_FS = n, CIFS = n, CODA_FS = n, FUSE_FS = n, GFS2_FS = n, NCP_FS = n, NFSD = n, NFS_FS = n, OCFS2_FS = n, XFS_FS = n</div></td><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"><div>**** Filesystems - 9P_FS = n, AFS_FS = n, AUTOFS4_FS = n, CEPH_FS = n, CIFS = n, CODA_FS = n, FUSE_FS = n, GFS2_FS = n, NCP_FS = n, NFSD = n, NFS_FS = n, OCFS2_FS = n, XFS_FS = n</div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">**** Security options - Grsecurity - GRKERNSEC = n (if applicable)</ins></div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"><div>==== Kernel configuration ====</div></td><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"><div>==== Kernel configuration ====</div></td></tr> <!-- diff cache key mediawiki:diff:version:1.11a:oldid:8721:newid:8920 --> </table> 24.184.214.10 http://www.funtoo.org/index.php?title=Linux_Containers&diff=8721&oldid=prev Palica: /* /etc/lxc/funtoo/fstab */ 2013-01-22T22:57:21Z <p>‎<span dir="auto"><span class="autocomment">/etc/lxc/funtoo/fstab</span></span></p> <table class='diff diff-contentalign-left'> <col class='diff-marker' /> <col class='diff-content' /> <col class='diff-marker' /> <col class='diff-content' /> <tr style='vertical-align: top;'> <td colspan='2' style="background-color: white; color:black;">← Older revision</td> <td colspan='2' style="background-color: white; color:black;">Revision as of 22:57, 22 January 2013</td> </tr><tr><td colspan="2" class="diff-lineno">Line 175:</td> <td colspan="2" class="diff-lineno">Line 175:</td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"><div>none /lxc/funtoo/sys sysfs defaults 0 0</div></td><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"><div>none /lxc/funtoo/sys sysfs defaults 0 0</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"><div>none /lxc/funtoo/dev/shm tmpfs nodev,nosuid,noexec,mode=1777,rw 0 0</div></td><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"><div>none /lxc/funtoo/dev/shm tmpfs nodev,nosuid,noexec,mode=1777,rw 0 0</div></td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;">none /lxc/funtoo/libexec/rc/init.d tmpfs rw,mode=755 0 0</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"><div>&lt;/pre&gt;</div></td><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"><div>&lt;/pre&gt;</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"></td></tr> <!-- diff cache key mediawiki:diff:version:1.11a:oldid:8720:newid:8721 --> </table> Palica http://www.funtoo.org/index.php?title=Linux_Containers&diff=8720&oldid=prev Palica: /* /etc/lxc/funtoo/config */ 2013-01-22T22:56:20Z <p>‎<span dir="auto"><span class="autocomment">/etc/lxc/funtoo/config</span></span></p> <table class='diff diff-contentalign-left'> <col class='diff-marker' /> <col class='diff-content' /> <col class='diff-marker' /> <col class='diff-content' /> <tr style='vertical-align: top;'> <td colspan='2' style="background-color: white; color:black;">← Older revision</td> <td colspan='2' style="background-color: white; color:black;">Revision as of 22:56, 22 January 2013</td> </tr><tr><td colspan="2" class="diff-lineno">Line 88:</td> <td colspan="2" class="diff-lineno">Line 88:</td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"><div>Read &quot;man 5 lxc.conf&quot; , to get more information about linux container configuration file.</div></td><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"><div>Read &quot;man 5 lxc.conf&quot; , to get more information about linux container configuration file.</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"><div>&lt;pre&gt;</div></td><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"><div>&lt;pre&gt;</div></td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>## <del class="diffchange diffchange-inline">Containerlxc</del>.utsname&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = <del class="diffchange diffchange-inline">funtoolxc</del>.rootfs&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = /var/lib/lxc/<del class="diffchange diffchange-inline">funtoolxc</del>.arch&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = <del class="diffchange diffchange-inline">x86_64lxc</del>.tty&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = <del class="diffchange diffchange-inline">6lxc</del>.pts&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = 1024#lxc.console&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = /var/log/lxc/funtoo.console## <del class="diffchange diffchange-inline">Capabilitieslxc</del>.cap.drop&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = sys_admin sys_module mac_admin mac_override## Devices# Allow all devices#lxc.cgroup.devices.allow&#160; &#160; &#160; &#160; &#160; &#160; &#160; = a# Deny all <del class="diffchange diffchange-inline">deviceslxc</del>.cgroup.devices.deny&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = a# Allow to mknod all devices (but not using them)lxc.cgroup.devices.allow&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = c *:* <del class="diffchange diffchange-inline">mlxc</del>.cgroup.devices.allow&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = b *:* m# /dev/<del class="diffchange diffchange-inline">consolelxc</del>.cgroup.devices.allow&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = c 5:1 rwm# /dev/<del class="diffchange diffchange-inline">fuselxc</del>.cgroup.devices.allow&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = c 10:229 rwm# /dev/<del class="diffchange diffchange-inline">nulllxc</del>.cgroup.devices.allow&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = c 1:3 rwm# /dev/<del class="diffchange diffchange-inline">ptmxlxc</del>.cgroup.devices.allow&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = c 5:2 rwm# /dev/pts/*lxc.cgroup.devices.allow&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = c 136:* rwm# /dev/<del class="diffchange diffchange-inline">randomlxc</del>.cgroup.devices.allow&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = c 1:8 rwm# /dev/<del class="diffchange diffchange-inline">rtclxc</del>.cgroup.devices.allow&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = c 254:0 rwm</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>## <ins class="diffchange diffchange-inline">Container</ins></div></td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div># /dev/<del class="diffchange diffchange-inline">ttylxc</del>.cgroup.devices.allow&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = c 5:0 rwm# /dev/<del class="diffchange diffchange-inline">urandomlxc</del>.cgroup.devices.allow&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = c 1:9 rwm# /dev/<del class="diffchange diffchange-inline">zerolxc</del>.cgroup.devices.allow&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = c 1:5 rwm## Limits#lxc.cgroup.cpu.shares&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = 1024#lxc.cgroup.cpuset.cpus&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = 0#lxc.cgroup.memory.limit_in_bytes&#160; &#160; &#160; = 256M#lxc.cgroup.memory.memsw.limit_in_bytes = 1G## <del class="diffchange diffchange-inline">Filesystemlxc</del>.mount&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = /etc/lxc/funtoo/fstab#lxc.mount.entry&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = proc /var/lib/lxc/example.org/rootfs/proc proc nodev,noexec,nosuid 0 0#lxc.mount.entry&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = sysfs /var/lib/lxc/example.org/rootfs/sys sysfs defaults,ro 0 0#lxc.mount.entry&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = /srv/share/example.org /var/lib/example.org/rootfs/srv/example.org none defaults,bind 0 0## <del class="diffchange diffchange-inline">Networklxc</del>.network.type&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = <del class="diffchange diffchange-inline">vethlxc</del>.network.flags&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = <del class="diffchange diffchange-inline">uplxc</del>.network.hwaddr&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = #put your MAC address here, otherwise you will get a random <del class="diffchange diffchange-inline">onelxc</del>.network.link&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = <del class="diffchange diffchange-inline">br0lxc</del>.network.name&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = eth0#lxc.network.veth.pair&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = veth-example</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">lxc</ins>.utsname&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = <ins class="diffchange diffchange-inline">funtoo</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">lxc</ins>.rootfs&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = /var/lib/lxc/<ins class="diffchange diffchange-inline">funtoo</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">lxc</ins>.arch&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = <ins class="diffchange diffchange-inline">x86_64</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">lxc</ins>.tty&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = <ins class="diffchange diffchange-inline">6</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">lxc</ins>.pts&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = 1024</div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>#lxc.console&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = /var/log/lxc/funtoo.console</div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>&#160;</div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>## <ins class="diffchange diffchange-inline">Capabilities</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">lxc</ins>.cap.drop&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = sys_admin sys_module mac_admin mac_override</div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>&#160;</div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>## Devices</div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div># Allow all devices</div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>#lxc.cgroup.devices.allow&#160; &#160; &#160; &#160; &#160; &#160; &#160; = a</div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div># Deny all <ins class="diffchange diffchange-inline">devices</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">lxc</ins>.cgroup.devices.deny&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = a</div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div># Allow to mknod all devices (but not using them)</div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>lxc.cgroup.devices.allow&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = c *:* <ins class="diffchange diffchange-inline">m</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">lxc</ins>.cgroup.devices.allow&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = b *:* m</div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div># /dev/<ins class="diffchange diffchange-inline">console</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">lxc</ins>.cgroup.devices.allow&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = c 5:1 rwm</div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div># /dev/<ins class="diffchange diffchange-inline">fuse</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">lxc</ins>.cgroup.devices.allow&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = c 10:229 rwm</div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div># /dev/<ins class="diffchange diffchange-inline">null</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">lxc</ins>.cgroup.devices.allow&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = c 1:3 rwm</div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div># /dev/<ins class="diffchange diffchange-inline">ptmx</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">lxc</ins>.cgroup.devices.allow&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = c 5:2 rwm</div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div># /dev/pts/*</div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>lxc.cgroup.devices.allow&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = c 136:* rwm</div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div># /dev/<ins class="diffchange diffchange-inline">random</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">lxc</ins>.cgroup.devices.allow&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = c 1:8 rwm</div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div># /dev/<ins class="diffchange diffchange-inline">rtc</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">lxc</ins>.cgroup.devices.allow&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = c 254:0 rwm</div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div># /dev/<ins class="diffchange diffchange-inline">tty</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">lxc</ins>.cgroup.devices.allow&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = c 5:0 rwm</div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div># /dev/<ins class="diffchange diffchange-inline">urandom</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">lxc</ins>.cgroup.devices.allow&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = c 1:9 rwm</div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div># /dev/<ins class="diffchange diffchange-inline">zero</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">lxc</ins>.cgroup.devices.allow&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = c 1:5 rwm</div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>&#160;</div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>## Limits#</div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>lxc.cgroup.cpu.shares&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = 1024</div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>#lxc.cgroup.cpuset.cpus&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = 0</div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>#lxc.cgroup.memory.limit_in_bytes&#160; &#160; &#160; = 256M</div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>#lxc.cgroup.memory.memsw.limit_in_bytes = 1G</div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>&#160;</div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>## <ins class="diffchange diffchange-inline">Filesystem</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">lxc</ins>.mount&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = /etc/lxc/funtoo/fstab</div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>#lxc.mount.entry&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = proc /var/lib/lxc/example.org/rootfs/proc proc nodev,noexec,nosuid 0 0</div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>#lxc.mount.entry&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = sysfs /var/lib/lxc/example.org/rootfs/sys sysfs defaults,ro 0 0</div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>#lxc.mount.entry&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = /srv/share/example.org /var/lib/example.org/rootfs/srv/example.org none defaults,bind 0 0</div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>&#160;</div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>## <ins class="diffchange diffchange-inline">Network</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">lxc</ins>.network.type&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = <ins class="diffchange diffchange-inline">veth</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">lxc</ins>.network.flags&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = <ins class="diffchange diffchange-inline">up</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">lxc</ins>.network.hwaddr&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = #put your MAC address here, otherwise you will get a random <ins class="diffchange diffchange-inline">one</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">lxc</ins>.network.link&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = <ins class="diffchange diffchange-inline">br0</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">lxc</ins>.network.name&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = eth0</div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>#lxc.network.veth.pair&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = veth-example</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"><div>&lt;/pre&gt;</div></td><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"><div>&lt;/pre&gt;</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"></td></tr> <!-- diff cache key mediawiki:diff:version:1.11a:oldid:8719:newid:8720 --> </table> Palica http://www.funtoo.org/index.php?title=Linux_Containers&diff=8719&oldid=prev Palica: /* /etc/lxc/funtoo/config */ 2013-01-22T22:51:33Z <p>‎<span dir="auto"><span class="autocomment">/etc/lxc/funtoo/config</span></span></p> <table class='diff diff-contentalign-left'> <col class='diff-marker' /> <col class='diff-content' /> <col class='diff-marker' /> <col class='diff-content' /> <tr style='vertical-align: top;'> <td colspan='2' style="background-color: white; color:black;">← Older revision</td> <td colspan='2' style="background-color: white; color:black;">Revision as of 22:51, 22 January 2013</td> </tr><tr><td colspan="2" class="diff-lineno">Line 88:</td> <td colspan="2" class="diff-lineno">Line 88:</td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"><div>Read &quot;man 5 lxc.conf&quot; , to get more information about linux container configuration file.</div></td><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"><div>Read &quot;man 5 lxc.conf&quot; , to get more information about linux container configuration file.</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"><div>&lt;pre&gt;</div></td><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"><div>&lt;pre&gt;</div></td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline">lxc</del>.utsname = funtoo</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">## Containerlxc</ins>.utsname <ins class="diffchange diffchange-inline">&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; </ins>= <ins class="diffchange diffchange-inline">funtoolxc.rootfs&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = /var/lib/lxc/funtoolxc.arch&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = x86_64lxc.tty&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = 6lxc.pts&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = 1024#lxc.console&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = /var/log/lxc/</ins>funtoo<ins class="diffchange diffchange-inline">.console## Capabilitieslxc.cap.drop&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = sys_admin sys_module mac_admin mac_override## Devices# Allow all devices#lxc.cgroup.devices.allow&#160; &#160; &#160; &#160; &#160; &#160; &#160; = a# Deny all deviceslxc.cgroup.devices.deny&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = a# Allow to mknod all devices (but not using them)lxc.cgroup.devices.allow&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = c *:* mlxc.cgroup.devices.allow&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = b *:* m# /dev/consolelxc.cgroup.devices.allow&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = c 5:1 rwm# /dev/fuselxc.cgroup.devices.allow&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = c 10:229 rwm# /dev/nulllxc.cgroup.devices.allow&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = c 1:3 rwm# /dev/ptmxlxc.cgroup.devices.allow&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = c 5:2 rwm# /dev/pts/*lxc.cgroup.devices.allow&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = c 136:* rwm# /dev/randomlxc.cgroup.devices.allow&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = c 1:8 rwm# /dev/rtclxc.cgroup.devices.allow&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = c 254:0 rwm</ins></div></td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>lxc.<del class="diffchange diffchange-inline">arch </del>= <del class="diffchange diffchange-inline">x86_64</del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline"># /dev/ttylxc.cgroup.devices.allow&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = c 5:0 rwm# /dev/urandomlxc.cgroup.devices.allow&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = c 1:9 rwm# /dev/zerolxc.cgroup.devices.allow&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = c 1:5 rwm## Limits#</ins>lxc.<ins class="diffchange diffchange-inline">cgroup.cpu.shares&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; </ins>= <ins class="diffchange diffchange-inline">1024#lxc.cgroup.cpuset.cpus&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = 0#lxc.cgroup.memory.limit_in_bytes&#160; &#160; &#160; = 256M#lxc.cgroup.memory.memsw.limit_in_bytes = 1G## Filesystemlxc.mount&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = /etc/lxc/funtoo/fstab#lxc.mount.entry&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = proc /var/lib/lxc/example.org/rootfs/proc proc nodev,noexec,nosuid 0 0#lxc.mount.entry&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = sysfs /var/lib/lxc/example.org/rootfs/sys sysfs defaults,ro 0 0#lxc.mount.entry&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = /srv/share/example.org /var/lib/example.org/rootfs/srv/example.org none defaults,bind 0 0## Networklxc.network.type&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = vethlxc.network.flags&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = uplxc.network.hwaddr&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = #put your MAC address here, otherwise you will get a random onelxc.network.link&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = br0lxc.network.name&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = eth0#lxc.network.veth.pair&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; = veth-example</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">&lt;/pre&gt;</ins></div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"></td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;"># mount configuration</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;">lxc.mount = /etc/lxc/funtoo/fstab</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;">lxc.rootfs = /lxc/funtoo</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;"></del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;"># network configuration</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;">lxc.network.type = veth</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;">lxc.network.flags = up</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;">lxc.network.link = brwan</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;">lxc.network.ipv4 = &lt;your IPv4 address here, like 1.2.3.4/29&gt;</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;">lxc.network.hwaddr = &lt;your randomly-generated MAC address here, like a2:97:b6:df:df:28&gt;</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;">lxc.network.name = eth0</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;"></del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;"># CPU &amp; Memory Limits</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;"># kernel/Documentation/cgroups/cpusets.txt&#160; # cores 0,1 of your CPU</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;">lxc.cgroup.cpuset.cpus = 0,1</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;">lxc.cgroup.cpu.shares = 1024</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;"># kernel/Documentation/cgroups/memory.txt</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;">lxc.cgroup.memory.limit_in_bytes = 1024M</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;">lxc.cgroup.memory.memsw.limit_in_bytes = 2048M</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;"></del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;"># TTY configuration</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;">lxc.tty = 12</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;">lxc.pts = 128</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;"></del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;"># Device configuration:</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;"># Deny access to all devices:</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;">lxc.cgroup.devices.deny = a </del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;"># Allow only the following devices to be opened:</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;">lxc.cgroup.devices.allow = c 1:3 rwm # dev/null</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;">lxc.cgroup.devices.allow = c 1:5 rwm # dev/zero</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;">lxc.cgroup.devices.allow = c 1:8 rwm # dev/random</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;">lxc.cgroup.devices.allow = c 1:9 rwm # dev/urandom</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;">lxc.cgroup.devices.allow = c 5:0 rwm # /dev/tty - allows ssh-add/password input</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;">lxc.cgroup.devices.allow = c 5:1 rwm # /dev/console - allows lxc-start output</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;">lxc.cgroup.devices.allow = c 254:0 rwm # rtc</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;"></del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;"># TTYs - we create only 3 TTYs: tty0, tty1, tty2 - you can create up to 12 (see lxc.tty = 12)</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;">lxc.cgroup.devices.allow = c 4:0 rwm # /dev/tty0</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;">lxc.cgroup.devices.allow = c 4:1 rwm # /dev/tty1</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;">lxc.cgroup.devices.allow = c 4:2 rwm # /dev/tty2</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;"></del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;"></del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;"># pts namespaces</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;">lxc.cgroup.devices.allow = c 136:* rwm # dev/pts/*</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;">lxc.cgroup.devices.allow = c 5:2 rwm # dev/pts/ptmx</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;"></del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;"># restrict capabilities:</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;">lxc.cap.drop = audit_control</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;">lxc.cap.drop = audit_write</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;">lxc.cap.drop = mac_admin</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;">lxc.cap.drop = mac_override</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;">lxc.cap.drop = setpcap</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;">lxc.cap.drop = sys_admin</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;">lxc.cap.drop = sys_boot</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;">lxc.cap.drop = sys_module</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;">lxc.cap.drop = sys_rawio</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;">lxc.cap.drop = sys_time</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;"># By default, don't use lxc.cap.drop = mknod. This will allow mknod to create</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;"># device nodes so build scripts and other things don't fail. Then, we'll</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;"># rely on the devices.deny settings (default deny) to prevent any created </del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;"># device nodes inside the container from being used to access the host's </del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;"># hardware:</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;"># lxc.cap.drop = mknod</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;">&lt;/pre&gt;</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"><div>Read &quot;man 7 capabilities&quot; to get more information aboout Linux capabilities.</div></td><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"><div>Read &quot;man 7 capabilities&quot; to get more information aboout Linux capabilities.</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"></td></tr> <!-- diff cache key mediawiki:diff:version:1.11a:oldid:8718:newid:8719 --> </table> Palica http://www.funtoo.org/index.php?title=Linux_Containers&diff=8718&oldid=prev Palica: /* Create and Configure Container Filesystem */ 2013-01-22T22:19:40Z <p>‎<span dir="auto"><span class="autocomment">Create and Configure Container Filesystem</span></span></p> <table class='diff diff-contentalign-left'> <col class='diff-marker' /> <col class='diff-content' /> <col class='diff-marker' /> <col class='diff-content' /> <tr style='vertical-align: top;'> <td colspan='2' style="background-color: white; color:black;">← Older revision</td> <td colspan='2' style="background-color: white; color:black;">Revision as of 22:19, 22 January 2013</td> </tr><tr><td colspan="2" class="diff-lineno">Line 72:</td> <td colspan="2" class="diff-lineno">Line 72:</td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"><div>=== Create and Configure Container Filesystem ===</div></td><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"><div>=== Create and Configure Container Filesystem ===</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"></td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div># Start with a Funtoo <del class="diffchange diffchange-inline">OpenVZ </del>template, and unpack it to a directory such as &lt;tt&gt;/<del class="diffchange diffchange-inline">lxc</del>/<del class="diffchange diffchange-inline">funtoo&lt;/tt&gt;.</del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div># Start with a Funtoo <ins class="diffchange diffchange-inline">LXC </ins>template, and unpack it to a directory such as &lt;tt&gt;/<ins class="diffchange diffchange-inline">var</ins>/<ins class="diffchange diffchange-inline">lib</ins>/lxc/funtoo&lt;/tt&gt;.</div></td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline"># Edit &lt;tt&gt;</del>/lxc/funtoo<del class="diffchange diffchange-inline">/etc/rc.conf&lt;/tt&gt; and change &lt;tt&gt;rc_sys=openvz&lt;/tt&gt; to &lt;tt&gt;rc_sys=lxc</del>&lt;/tt&gt;.</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div># Create an empty &lt;tt&gt;<ins class="diffchange diffchange-inline">/var/lib</ins>/lxc/funtoo/etc/fstab&lt;/tt&gt; file.</div></td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div># Create an empty &lt;tt&gt;/lxc/funtoo/etc/fstab&lt;/tt&gt; file.</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div># Ensure &lt;tt&gt;c1&lt;/tt&gt; line is uncommented (enabled) and &lt;tt&gt;c2&lt;/tt&gt; through &lt;tt&gt;c6&lt;/tt&gt; lines are disabled in &lt;tt&gt;<ins class="diffchange diffchange-inline">/var/lib</ins>/lxc/funtoo/etc/inittab&lt;/tt&gt;.</div></td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div># Ensure &lt;tt&gt;c1&lt;/tt&gt; line is uncommented (enabled) and &lt;tt&gt;c2&lt;/tt&gt; through &lt;tt&gt;c6&lt;/tt&gt; lines are disabled in &lt;tt&gt;/lxc/funtoo/etc/inittab&lt;/tt&gt;.</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div></div></td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline"># Edit &lt;tt&gt;udev-mount&lt;/tt&gt;, &lt;tt&gt;udev-postmount&lt;/tt&gt; and &lt;tt&gt;udev-save&lt;/tt&gt; and change the &lt;tt&gt;keyword&lt;/tt&gt; line to have the arguments &lt;tt&gt;-openvz -vserver -lxc&lt;/tt&gt;. (will be fixed in about a week)</del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div></div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"></td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>That's all you need to get the container filesystem ready to start.</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>That's <ins class="diffchange diffchange-inline">almost </ins>all you need to get the container filesystem ready to start.</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"><div>=== Create Container Configuration Files ===</div></td><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"><div>=== Create Container Configuration Files ===</div></td></tr> <!-- diff cache key mediawiki:diff:version:1.11a:oldid:8717:newid:8718 --> </table> Palica http://www.funtoo.org/index.php?title=Linux_Containers&diff=8717&oldid=prev Palica: /* Install LXC kernel */ 2013-01-22T22:14:23Z <p>‎<span dir="auto"><span class="autocomment">Install LXC kernel</span></span></p> <table class='diff diff-contentalign-left'> <col class='diff-marker' /> <col class='diff-content' /> <col class='diff-marker' /> <col class='diff-content' /> <tr style='vertical-align: top;'> <td colspan='2' style="background-color: white; color:black;">← Older revision</td> <td colspan='2' style="background-color: white; color:black;">Revision as of 22:14, 22 January 2013</td> </tr><tr><td colspan="2" class="diff-lineno">Line 49:</td> <td colspan="2" class="diff-lineno">Line 49:</td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"><div>&lt;console&gt;</div></td><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"><div>&lt;console&gt;</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"><div># ##i##CONFIG=/path/to/config /usr/sbin/lxc-checkconfig</div></td><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"><div># ##i##CONFIG=/path/to/config /usr/sbin/lxc-checkconfig</div></td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;"></del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"><div>&lt;/console&gt;</div></td><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"><div>&lt;/console&gt;</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"></td></tr> <!-- diff cache key mediawiki:diff:version:1.11a:oldid:8716:newid:8717 --> </table> Palica http://www.funtoo.org/index.php?title=Linux_Containers&diff=8716&oldid=prev Palica: /* Configuring the Funtoo Host System */ 2013-01-22T22:13:11Z <p>‎<span dir="auto"><span class="autocomment">Configuring the Funtoo Host System</span></span></p> <table class='diff diff-contentalign-left'> <col class='diff-marker' /> <col class='diff-content' /> <col class='diff-marker' /> <col class='diff-content' /> <tr style='vertical-align: top;'> <td colspan='2' style="background-color: white; color:black;">← Older revision</td> <td colspan='2' style="background-color: white; color:black;">Revision as of 22:13, 22 January 2013</td> </tr><tr><td colspan="2" class="diff-lineno">Line 47:</td> <td colspan="2" class="diff-lineno">Line 47:</td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"><div>Once you have lxc installed, you can then check your kernel config with:</div></td><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"><div>Once you have lxc installed, you can then check your kernel config with:</div></td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline"> </del>CONFIG=/path/to/config /usr/sbin/lxc-checkconfig</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">&lt;console&gt;</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline"># ##i##</ins>CONFIG=/path/to/config /usr/sbin/lxc-checkconfig</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"></td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline">=== Emerge lxc ===</del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">&lt;</ins>/<ins class="diffchange diffchange-inline">console&gt;</ins></div></td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline"> emerge -av app-emulation</del>/<del class="diffchange diffchange-inline">lxc</del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div></div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">=== Emerge lxc ===</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">&lt;console&gt;</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"># ##i##emerge -av app-emulation/lxc</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">&lt;/console&gt;</ins></div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"><div>=== Configure Networking For Container ===</div></td><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"><div>=== Configure Networking For Container ===</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"></td></tr> <!-- diff cache key mediawiki:diff:version:1.11a:oldid:8715:newid:8716 --> </table> Palica http://www.funtoo.org/index.php?title=Linux_Containers&diff=8715&oldid=prev Palica: /* Emerge lxc */ 2013-01-22T22:09:26Z <p>‎<span dir="auto"><span class="autocomment">Emerge lxc</span></span></p> <table class='diff diff-contentalign-left'> <col class='diff-marker' /> <col class='diff-content' /> <col class='diff-marker' /> <col class='diff-content' /> <tr style='vertical-align: top;'> <td colspan='2' style="background-color: white; color:black;">← Older revision</td> <td colspan='2' style="background-color: white; color:black;">Revision as of 22:09, 22 January 2013</td> </tr><tr><td colspan="2" class="diff-lineno">Line 50:</td> <td colspan="2" class="diff-lineno">Line 50:</td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"><div>=== Emerge lxc ===</div></td><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"><div>=== Emerge lxc ===</div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"> emerge -av app-emulation/lxc</ins></div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"><div>=== Configure Networking For Container ===</div></td><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"><div>=== Configure Networking For Container ===</div></td></tr> <!-- diff cache key mediawiki:diff:version:1.11a:oldid:8714:newid:8715 --> </table> Palica http://www.funtoo.org/index.php?title=Linux_Containers&diff=8714&oldid=prev Palica: /* Configuring the Funtoo Host System */ 2013-01-22T22:08:18Z <p>‎<span dir="auto"><span class="autocomment">Configuring the Funtoo Host System</span></span></p> <table class='diff diff-contentalign-left'> <col class='diff-marker' /> <col class='diff-content' /> <col class='diff-marker' /> <col class='diff-content' /> <tr style='vertical-align: top;'> <td colspan='2' style="background-color: white; color:black;">← Older revision</td> <td colspan='2' style="background-color: white; color:black;">Revision as of 22:08, 22 January 2013</td> </tr><tr><td colspan="2" class="diff-lineno">Line 10:</td> <td colspan="2" class="diff-lineno">Line 10:</td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"><div>=== Install LXC kernel ===</div></td><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"><div>=== Install LXC kernel ===</div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">Any kernel beyond 3.1.5 will probably work. Personally I prefer the sys-kernel/gentoo-sources-3.4.9 as these have support for all the namespaces without sacrificing the xfs, FUSE or NFS support for example. These checks were introduced later starting from kernel 3.5, this could also mean that the user namespace is not working optimally.</ins></div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"></td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline">I am using vanilla</del>-<del class="diffchange diffchange-inline">sources</del>-<del class="diffchange diffchange-inline">3</del>.<del class="diffchange diffchange-inline">1.5 </del>with <del class="diffchange diffchange-inline">no initrd.</del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">* User namespace (EXPERIMENTAL) depends on EXPERIMENTAL and on UIDGID_CONVERTED</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">** config UIDGID_CONVERTED</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">*** True if all of the selected software components are known to have uid_t and gid_t converted to kuid_t and kgid_t where appropriate and are otherwise safe to use with the user namespace.</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">**** Networking </ins>- <ins class="diffchange diffchange-inline">depends on NET_9P = n</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">**** Filesystems </ins>- <ins class="diffchange diffchange-inline">9P_FS = n, AFS_FS = n, AUTOFS4_FS = n, CEPH_FS = n, CIFS = n, CODA_FS = n, FUSE_FS = n, GFS2_FS = n, NCP_FS = n, NFSD = n, NFS_FS = n, OCFS2_FS = n, XFS_FS = n</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>&#160;</div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">==== Kernel configuration ====</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">These options should be enable in your kernel to be able to take full advantage of LXC</ins>.</div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>&#160;</div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">* General setup</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">** CONFIG_NAMESPACES</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">*** CONFIG_UTS_NS</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">*** CONFIG_IPC_NS</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">*** CONFIG_PID_NS</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">*** CONFIG_NET_NS</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">*** CONFIG_USER_NS</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">** CONFIG_CGROUPS</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">*** CONFIG_CGROUP_DEVICE</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">*** CONFIG_CGROUP_SCHED</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">*** CONFIG_CGROUP_CPUACCT</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">*** CONFIG_CGROUP_MEM_RES_CTLR</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">*** CONFIG_CPUSETS (on multiprocessor hosts)</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">* Networking support</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">** Networking options</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">*** CONFIG_VLAN_8021Q</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">* Device Drivers</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">** Character devices</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">*** Unix98 PTY support</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">**** CONFIG_DEVPTS_MULTIPLE_INSTANCES</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">** Network device support</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">*** Network core driver support</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">**** CONFIG_VETH</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">**** CONFIG_MACVLAN</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>&#160;</div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">Once you have lxc installed, you can then check your kernel config </ins>with<ins class="diffchange diffchange-inline">:</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline"> CONFIG=/path/to/config /usr/sbin/lxc-checkconfig</ins></div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"><div>=== Emerge lxc ===</div></td><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"><div>=== Emerge lxc ===</div></td></tr> <!-- diff cache key mediawiki:diff:version:1.11a:oldid:5853:newid:8714 --> </table> Palica http://www.funtoo.org/index.php?title=Linux_Containers&diff=5853&oldid=prev 178.13.129.90: /* /etc/lxc/funtoo/config */ 2012-08-14T10:42:11Z <p>‎<span dir="auto"><span class="autocomment">/etc/lxc/funtoo/config</span></span></p> <table class='diff diff-contentalign-left'> <col class='diff-marker' /> <col class='diff-content' /> <col class='diff-marker' /> <col class='diff-content' /> <tr style='vertical-align: top;'> <td colspan='2' style="background-color: white; color:black;">← Older revision</td> <td colspan='2' style="background-color: white; color:black;">Revision as of 10:42, 14 August 2012</td> </tr><tr><td colspan="2" class="diff-lineno">Line 66:</td> <td colspan="2" class="diff-lineno">Line 66:</td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"><div># CPU &amp; Memory Limits</div></td><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"><div># CPU &amp; Memory Limits</div></td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div># kernel/Documentation/cgroups/cpusets.txt</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div># kernel/Documentation/cgroups/cpusets.txt <ins class="diffchange diffchange-inline"> # cores 0,1 of your CPU</ins></div></td></tr> <tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>lxc.cgroup.cpuset.cpus = 0,1 <del class="diffchange diffchange-inline"> # cores 0,1 of your CPU</del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>lxc.cgroup.cpuset.cpus = 0,1</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"><div>lxc.cgroup.cpu.shares = 1024</div></td><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"><div>lxc.cgroup.cpu.shares = 1024</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"><div># kernel/Documentation/cgroups/memory.txt</div></td><td class='diff-marker'>&#160;</td><td style="background: #eee; color:black; font-size: smaller;"><div># kernel/Documentation/cgroups/memory.txt</div></td></tr> <!-- diff cache key mediawiki:diff:version:1.11a:oldid:5852:newid:5853 --> </table> 178.13.129.90