LinuX Containers (LXC)
Links
Konfiguration
lxc-checkconfig
lxd-daemon
storage backends
unterstützte BACKENDs: btrfs, ceph, dir, lvm or zfs.
live migration
sudo apt install criu
lxc move host1:$somename host2:$somename
Security
Grundregeln
- privilegierte Container → root-Rechte
- lxd-Gruppenmitgliedschaft → root-Rechte
- Zugriff auf den LXD socket → root-Rechte
| Key | Type | Default | Required | Description |
|---|---|---|---|---|
| security.mac_filtering | boolean | false | no | Prevent the instance from spoofing another's MAC address |
| security.ipv4_filtering | boolean | false | no | Prevent the instance from spoofing another's IPv4 address (enables mac_filtering) |
| security.ipv6_filtering | boolean | false | no | Prevent the instance from spoofing another's IPv6 address (enables mac_filtering) |
One can override the default bridged NIC settings from the profile on a per-instance basis using:
lxc config device override <instance> <NIC> security.mac_filtering=true