
Tech Skills - Red Hat Enterprise Linux 7 - 3.0 Securing Services
Filename: techskills-linuxsecurity-3-3-lxc_containers
Title: LXC Containers
Subtitle: Linux Security Techniques

3.3 LXC Containers


Can you give us a little background on LXC?

LXC
  Open source project
  Most contributions come from Canonical/Ubuntu today
  Creates "containers" that allow us to isolate applications
  Similar to a virtual machine, but shares the kernel with the underlying OS
    Better performance
    Far less overhead
    Applications run isolated, but at full speed

How does this differ from chroot?

LXC uses many components to isolate an application
  Chroot
  AppArmor
  SELinux
  CGroups
Templates
  LXC templates make the containers far easier to work with than chroot
  Dependency checks are handled by a package manager
  Acts as if there is an entire distro in the "jail"

What does it take to get LXC up and running?

1. yum install epel-release
2. yum install perl libvirt lxc lxc-templates lxc-extra
   lxc - The container system
   lxc-templates - Container templates
   lxc-extra - LXC command line utilities
3. systemctl enable --now lxc
4. systemctl enable --now libvirtd
5. Test configuration
   lxc-checkconfig

Now that it is up and running, how do we create a container?

View templates
  ls /usr/share/lxc/templates/
Create a container
  lxc-create -n <name> -t <template>
  lxc-create -n webserver -t /usr/share/lxc/templates/lxc-centos
  Containers are stored in /var/lib/lxc
View containers
  lxc-ls
  lxc-ls --active
  lxc-info -n <name>
Start a container
  lxc-start -d -n <name>
  -d runs it as a daemon

How do we install applications into the container?

Access a container's console
  lxc-console -n <name>
  ctrl-a then q to exit
Default root password
  cat /var/lib/lxc/webserver/tmp_root_pass
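
The default root password above is read from a cleartext file under /var/lib/lxc on the host. As an added example (not part of the original notes), this script lists containers that still have that file and flags any copy readable beyond its owner; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): list containers whose
# template-generated root password file is still on the host.
# /var/lib/lxc and tmp_root_pass come from the notes; the function names
# and the sample tree below are constructed for illustration.

# Prints "<container> <octal-mode> <verdict>" for every container directory
# under $1 that still holds a tmp_root_pass file.
#   EXPOSED = group/other permission bits are set on the file
#   PRESENT = owner-only, but the cleartext password is still on disk
audit_tmp_root_pass() {
    lxc_dir="${1:-/var/lib/lxc}"
    for dir in "$lxc_dir"/*/; do
        [ -d "$dir" ] || continue            # unmatched glob stays literal
        file="${dir}tmp_root_pass"
        [ -f "$file" ] || continue
        name=$(basename "$dir")
        mode=$(stat -c '%a' "$file")         # GNU stat, as on RHEL/CentOS
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "$name $mode EXPOSED"
        else
            echo "$name $mode PRESENT"
        fi
    done
}

# Constructed sample tree standing in for /var/lib/lxc.
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/webserver" "$root/db" "$root/cache"
    echo 'Root-webserver-constructed' > "$root/webserver/tmp_root_pass"
    echo 'Root-db-constructed' > "$root/db/tmp_root_pass"
    chmod 644 "$root/webserver/tmp_root_pass"   # world-readable
    chmod 600 "$root/db/tmp_root_pass"          # owner-only
    audit_tmp_root_pass "$root"                 # cache has no file: no line
    rm -rf "$root"
}
demo
```

On a real host, run `audit_tmp_root_pass` with no argument as root to scan /var/lib/lxc.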

How do we remove a container when we no longer need it?

Stop a container
  lxc-stop -n <name>
Delete a container
  lxc-destroy -n <name>
