====== LXC - Linux Containers ======
[[tech:linux:ubuntu:start#lxc_ubuntu-specifics|Ubuntu-specific LXC info]]

==== Resources ====
  * [[http://www.darlo.tv/lxc/setup-unpriv-slackware.html|Unprivileged Containers in Slackware]]
  * [[https://stgraber.org/2014/01/17/lxc-1-0-unprivileged-containers|Stephane Graber's intro]]

==== Basic setup ====
  * Physical host has to have a network bridge
  * On physical host, in ''/etc/lxc/default.conf'':<code>lxc.network.type=veth
lxc.network.link=br0
lxc.network.flags=up</code>
  * If using OpenVPN in container, config also needs:<code>lxc.hook.autodev = sh -c "modprobe tun ; cd ${LXC_ROOTFS_MOUNT}/dev ; mkdir net ; mknod net/tun c 10 200 ; chmod 0666 net/tun"
lxc.cgroup.devices.allow = c 10:200 rwm</code>
  * Create container: ''lxc-create -n lxcguest -t /usr/share/lxc/templates/lxc-freeslack''
  * Edit container's ''config'' and:
    * Set MAC for virtual NIC: ''lxc.network.hwaddr = DE:AD:BE:EF:00:00''
    * Change location(s) of mount(s), if needed
    * Change container's ''/etc/rc.d/rc.inet1.conf''
  * Start container:  ''lxc-start -n lxcguest -d''
  * Connect to container's console:  ''lxc-console -n lxcname'' \\ // Default login/password is root/root //
  * Packages to add:
    * glibc-i18n
    * groff
    * man
    * ksh93
    * vim
    * less
    * rsync
    * perl
    * python
    * python-setuptools
    * sudo
    * db48
    * gnupg
    * gnupg2
    * curl
    * guile
    * gc
    * make
    * nmap
    * libunistring
    * libffi
    * git

==== Unprivileged ====
  - Prerequisites
  - Create standard root-privileged container
  - Remap that container's owner & group numbers to the user's subuid & subgid
  - Move the container into the user's file space
  - Run the unprivileged container

=== Prerequisites ===
  * Ensure the libcgroup package is at least ''libcgroup-0.41-x86_64-2_slack14.2''
  * In ''/etc/cgconfig.conf'': <code>group lxc { 
    perm {
        task {
            uid = rk4n3;
            gid = rk4n3;
        }
    admin {
          uid = rk4n3;
          gid = rk4n3;
      }
  }

  cpuset {
      cgroup.clone_children = 1;
      cpuset.mems = 0;
      cpuset.cpus = 0-3;
  }
  cpu {}
  cpuacct {}
  blkio {}
  memory { memory.use_hierarchy = 1; }
  devices {}
  freezer {}
  net_cls {}
  perf_event {}
  net_prio {}
}</code>
  * In ''/etc/cgrules.conf'':<code>rk4n3           *               lxc/</code>
  * As root: <code>usermod --add-subuids 100000-165536 rk4n3
usermod --add-subgids 100000-165536 rk4n3
</code>
  * Start ''cgconfig'' //(1st)// and ''cgred'' //(2nd)// services, verify with: ''lscgroup''

=== Re-Mapping Container UIDs & GIDs ===
Acquire ''uidmapshift.c'' and ''container-userns-convert'' from: [[http://bazaar.launchpad.net/%7Eserge-hallyn/+junk/nsexec/files|nsexec tools]]

Build ''uidmapshift'' with:
<code>gcc -o uidmapshift uidmapshift.c</code>

Near the end of the container-userns-convert , around line 61, change the call to ''uidmapshift'' to be $PATHTOYOUR/uidmapshift, then make container-userns-convert executable.
Perform the actual conversion with //(as root)//:
<code>./container-userns-convert yourcontainername 100000</code>

In ''$HOME/.config/lxc/default.conf'':
<code>
lxc.network.type = veth
lxc.network.link = br0
lxc.network.flags = up
lxc.network.hwaddr = DE:AD:BE:EF:xx:xx
lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536
</code>

In ''/etc/lxc/lxc-usernet'': <code>rk4n3 veth br0 10</code>

==== Extra Setup ====

=== lighttpd ===
  * Packages to install for ''lighttpd'' //(preferred)//
    * php
  * Packages to install for ''lighttpd2'' //(experimental)//
    * lua
    * colm
    * kelbt
    * ragel
    * libev
    * libunwind //(optional: pass ''UNWIND=yes'' to lighttpd2 slackbuild)//
    * libiodbc
    * libmcrypt
    * libxml2
    * cyrus-sasl
    * enchant
    * aspell
    * aspell-en
    * t1lib
    * icu4c
    * sqlite
    * net-snmp
    * libxslt
    * libgcrypt
    * libnl3
    * libgpg-error
    * lighttpd2

=== MySQL ===
  * Install the mysql package(s)
    * Prerequisites in addition to template's packages: ''libaio'' and ''jemalloc''

=== Minimal X Footprint ===
  * libXaw
  * libXft
  * libXmu
  * libXt
  * libX11
  * libXpm
  * libXau
  * libXdmcp
  * libxcb
  * libXrender
  * libXext
  * libXfont
  * libXcursor
  * libXfixes
  * xsetroot
  * xcursorgen
  * libSM
  * libICE
  * libXinerama
  * xauth
  * xdm
  * rgb
  * utempter
  * harfbuzz
  * freetype
  * fontconfig
  * dejavu-fonts-ttf
  * font-misc-misc
  * libsecret
  * libnotify
  * glibmm
  * 
  * xterm
  * twm

==== FreeSlack Template ====
[[:tech:lxc:freeslacktemplate|Full text here ...]]
=== Full Package Set ===
  * flex
  * procmail
  * db48
  * sendmail-cf
  * sendmail
  * mailx
  * libffi
  * cyrus-sasl
  * less
  * libunistring
  * amanda
  * xz
  * which
  * wget
  * vim
  * util-linux
  * tar
  * sysvinit-scripts
  * sysvinit-functions
  * sysvinit
  * sysklogd
  * sudo
  * slackpkg
  * sharutils
  * shadow
  * sed
  * rsync
  * python
  * procps-ng
  * pkgtools
  * perl
  * openssl-solibs
  * openssh
  * network-scripts
  * net-tools
  * ncurses
  * mpfr
  * logrotate
  * iputils
  * gzip
  * grep
  * gnupg
  * glibc-solibs
  * gawk
  * findutils
  * eudev
  * etc
  * e2fsprogs
  * diffutils
  * dialog
  * dhcpcd
  * dcron
  * coreutils
  * bzip2
  * bin
  * bash
  * aaa_terminfo
  * aaa_elflibs
  * aaa_base

====== CentOS/RHEL Specifics ======
To see available templates: ''ls -alh /usr/share/lxc/templates/'' \\
See [[https://wiki.centos.org/HowTos/LXC-on-CentOS6|official CentOS topic]] for further detail \\