From Telecomix Crypto Munitions Bureau
LXC (Linux Containers) is a lightweight framework for virtual machines, present in the kernel by default. It is probably the simplest way to set up Linux-based virtual machines (except Qemu, but it is veeery slow).
For each container, the minimum is a filesystem (rootfs) and a config file. No need to create disk images!
 Quick start for Debian
Warning: this mini-tutorial is not applicable for offering virtual machines to untrusted users! TCMB has to investigate how to secure the host system.
Do everything as root.
 Prepare host system
- Install LXC userspace utils - aptitude should do the work.
- mount cgroups
- Add bridge network interface if you want, but we will focus later on more sophisticated networking.
mkdir /lxc - base lxc directory
 Minimalistic OS container setup
Not for serious tasks, but it works.
mkdir -p /lxc/vm1
- Download and unpack the rootfs from 
- The minimalistic rootfs is dedicated for playing with networking. It was made from Debian binaries.
- Download config from  (based on Debian's default), put in /lxc/vm1/config
lxc-start -n vm1 -f /lxc/vm1/config
 Debian container setup
This is for patient people...
- Set up container for testing
- Install Debian in it:
/usr/lib/lxc/templates/lxc-debian -p /lxc/vm0
- Note the root password (if you lose it, it won't hurt, however)
- Do some corrections in newly created container:
  - For now, comment out lxc.network.link = br0 in /lxc/vm0/config (near the end of the file). You may also want to change the "lxc.utsname" parameter, which sets the container hostname.
  - Chroot into container
  - apt-get install vim (or nano, which is smaller and more user-friendly)
  - Edit /etc/inittab, commenting out lines similar to 2:23:respawn:/sbin/getty 38400 tty2 (all except tty1)
  - mknod /dev/tty1 c 4 1
  - Exit chroot by pressing Ctrl-D in shell
- Start the container!
lxc-start -n vm0 -f /lxc/vm0/config
- From another shell, run lxc-console -n vm0 -t 1. Congratulations, you're on the VM.
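The correction steps from the list above, applied from the host instead of by hand in a chroot. This is an added example, not part of the original page; the function names and the <dir>/rootfs layout (e.g. /lxc/vm0/rootfs) are assumptions, and the editor install step is left out.

```sh
#!/bin/sh
# Added example: host-side version of the "corrections" list for one container.
# Assumed layout: <dir>/config and <dir>/rootfs (e.g. /lxc/vm0).

# Rewrite FILE through a sed script without relying on GNU "sed -i".
edit_in_place() {
    tmp=$(mktemp) || return 1
    if sed -E "$2" "$1" > "$tmp"; then cat "$tmp" > "$1"; rc=$?; else rc=1; fi
    rm -f "$tmp"
    return "$rc"
}

# Comment out "lxc.network.link = ..." so the container starts without br0.
disable_bridge_link() {
    edit_in_place "$1" 's/^[[:space:]]*lxc\.network\.link[[:space:]]*=/#&/'
}

# Comment out every respawn getty line except the one that ends in tty1.
keep_only_tty1() {
    edit_in_place "$1" '/tty1[[:space:]]*$/!s/^[^#:]+:[^:]*:respawn:.*getty/#&/'
}

# Apply all corrections to a container directory; mknod needs root.
fix_container() {
    dir=$1
    [ -f "$dir/config" ] && [ -f "$dir/rootfs/etc/inittab" ] || {
        echo "expected $dir/config and $dir/rootfs/etc/inittab" >&2
        return 1
    }
    disable_bridge_link "$dir/config" || return 1
    keep_only_tty1 "$dir/rootfs/etc/inittab" || return 1
    # Same device node as "mknod /dev/tty1 c 4 1" run inside the chroot.
    [ -e "$dir/rootfs/dev/tty1" ] || mknod "$dir/rootfs/dev/tty1" c 4 1
}
```

Both edits are idempotent, so running fix_container /lxc/vm0 a second time leaves already-commented lines untouched.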
 Other tasks
- If you want the container to be running after reboot, consider symlinking its config to /etc/lxc/auto/
 Securing the host system
 Anonymity and Networking
- Warning: killing lxc-related processes from host may cause htop to segfault. There is no known workaround for it. kill(1) works just fine.
- Do not use kill -9 to switch off virtual machine. Use lxc-stop -n vmn.
- REAL DANGER: DO NOT EVEN TRY TO USE /proc/sysrq-trigger INSIDE CONTAINER, IT WILL AFFECT HOST SYSTEM! This is a security flaw that will have to be investigated.
 See also
- http://www.ibm.com/developerworks/linux/library/l-lxc-security/ for real setup