Last active
December 16, 2015 08:14
-
-
Save albertmeronyo/557474b0ec4876addbce to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # First install lxc and uidmap | |
| sudo apt-get install lxc uidmap | |
| # Check that your user has a uid and gid map defined in /etc/subuid and /etc/subgid | |
| # (for unprivileged containers) | |
| # Edit /etc/lxc/lxc-usernet and add | |
| your-username veth lxcbr0 10 | |
| # Then create | |
| ~/.config/lxc | |
| cp /etc/lxc/default.conf ~/.config/lxc/default.conf | |
| # And append these two lines | |
| lxc.id_map = u 0 100000 65536 | |
| lxc.id_map = g 0 100000 65536 | |
| lxc.network.type = veth | |
| lxc.network.link = lxcbr0 | |
| # Where 100000 65536 are the start/end subuids range in /etc/subuid and /etc/subgid for the chosen user | |
| # Deiban specific: creating the container won't work unless we do (as root) | |
| echo 1 > /sys/fs/cgroup/cpuset/cgroup.clone_children | |
| echo 1 > /proc/sys/kernel/unprivileged_userns_clone | |
| # NOTE: these values will get back to 0 on a system restart... | |
| # Now create a container | |
| lxc-create -t download -n my-container | |
| # Start the container | |
| lxc-start -n my-container -d | |
| # Confirm container status | |
| lxc-info -n my-container | |
| lxc-ls -f | |
| # Get container shell | |
| lxc-attach -n my-container | |
| # Stop the container | |
| lxc-stop -n my-container | |
| # Remove the container | |
| lxc-destroy -n my-container | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment