LXC (Linux Containers) is an operating system–level virtualization method for running multiple isolated Linux systems (containers) on a single control host.

Official project website: https://linuxcontainers.org/lxc

Fedora LXC images: https://us.images.linuxcontainers.org/images/fedora/

Getting started

Installation

# dnf install lxc lxc-templates

If you want to create your own container images additional tools such as for building Debian/Ubuntu-based containers might be required.

Networking

If the containers should have network access, the easiest option is to attach them to a network bridge provided by the host system. This bridge can be managed outside LXC e.g. via systemd-networkd or or from within LXC with help of the lxc-net script.

lxc-net

LXC can be setup to manage its own network bridge with a DHCP server providing host-local network addresses to the containers which can communicate with external network hosts through NAT. DNS and DHCP services are provided via managed instance.

1. Make sure dnsmasq is installed:

# dnf install dnsmasq

2. Enable LXC bridge by setting the following variable in /etc/sysconfig/lxc :

USE_LXC_BRIDGE="true"

3. Optionally you can further customize the bridge network and dnsmasq configuration by redefining the following variables in /etc/sysconfig/lxc-net . This file must be created as it doesn't exist by default. The list below shows the default values defined in /usr/libexec/lxc/lxc-net :

LXC_BRIDGE="lxcbr0" LXC_BRIDGE_MAC="00:16:3e:00:00:00" LXC_ADDR="10.0.3.1" LXC_NETMASK="255.255.255.0" LXC_NETWORK="10.0.3.0/24" LXC_DHCP_RANGE="10.0.3.2,10.0.3.254" LXC_DHCP_MAX="253" LXC_DHCP_CONFILE="" LXC_DHCP_PING="true" LXC_DOMAIN="" LXC_IPV6_ADDR="" LXC_IPV6_MASK="" LXC_IPV6_NETWORK="" LXC_IPV6_NAT="false"

4. The bridge and dnsmasq instance are managed via lxc-net.service . To create and persist the bridge, run:

# systemctl enable --now lxc-net.service

Use custom network bridge

If you want to use a network bridge managed independently or if you changed the bridge name in LXC_BRIDGE above, make sure to set the appropriate bridge name in /etc/lxc/default.conf .

For example when using the default bridge manged by libvirt , you must change it to:

lxc.network.type = veth lxc.network.link = virbr0 lxc.network.flags = up lxc.network.hwaddr = 00:16:3e:xx:xx:xx

SELinux

SELinux currently prevents lxc to start containers, the issue has been reported at #1227071

A possible workaround is to set SELinux to permissive mode.

Create a container

# lxc-create -n container1 -t ubuntu -- -r xenial # lxc-start -n container1 # lxc-attach -n container1