HOWTO: Configure a LXC Linux Container CentOS 6

Introduction to LXC

LXC isn't a real Virtualization technique, but is more like a chroot environment, but on "steroids". More information about LXC here :

Install libvirt stack

yum install libvirt libvirt-client python-virtinst 

Configuring a LXC container

Suppose you want to create a full container, similar to a minimal CentOS 6 setup.

On your machine, please be sure that libvirtd is started (service libvirtd start).

We'll initialize a CentOS 6 x86_64 container, assuming

on your machine filesystem

mkdir /var/lib/libvirt/lxc/centos-6-x86_64/etc/yum.repos.d/ -p  
cat /etc/yum.repos.d/CentOS-Base.repo |sed s/'$releasever'/6/g > /var/lib/libvirt/lxc/centos-6-x86_64/etc/yum.repos.d/CentOS-Base.repo
yum groupinstall core --installroot=/var/lib/libvirt/lxc/centos-6-x86_64/ --nogpgcheck -y
yum install plymouth libselinux-python --installroot=/var/lib/libvirt/lxc/centos-6-x86_64/ --nogpgcheck -y

Selinux note : You have to create a selinux policy to allow virtd_lxc_t to use dbus :

module lxc 1.0; 

require {
        type hald_t;
        type virtd_lxc_t;
        class dbus send_msg;

#============= hald_t ==============
allow hald_t virtd_lxc_t:dbus send_msg;

See the excellent guide/wiki page to know how to accomplish that step

Note that you can't use LXC with SELinux disabled, instead try to set it to permissive (see

in the chroot'ed filesystem

All the following steps will be done in the chroot'ed environment :

chroot /var/lib/libvirt/lxc/centos-6-x86_64/ 

echo MYROOTPASS |passwd root --stdin

#Fix root login on console

echo "pts/0" >>/etc/securetty

sed -i s/"session    required close"/"#session    required close"/g /etc/pam.d/login

sed -i s/"session    required open"/"#session    required open"/g /etc/pam.d/login

sed -i s/"session    required"/"#session    required"/g /etc/pam.d/login

#Configuring basic networking

cat > /etc/sysconfig/network << EOF



cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF





#Enabling sshd

chkconfig sshd on

# Fixing root login for sshd

sed -i s/"session    required close"/"#session    required close"/g /etc/pam.d/sshd

sed -i s/"session    required"/"#session    required"/g /etc/pam.d/sshd

sed -i s/"session    required open env_params"/"#session    required open env_params"/g /etc/pam.d/sshd

# Leaving the chroot'ed filesystem


back on your machine

# now creating the LXC container from that filesystem

virt-install --connect lxc:/// --name test --ram 512 --vcpu 1 --filesystem /var/lib/libvirt/lxc/centos-6-x86_64/,/ --noautoconsole 

You can access to the LXC container by using:

virsh console test   


ssh -l root CONTAINER_IP 

To get IP address of the LXC container, look for mac address (can be found in /etc/libvirt/lxc/test.xml) in dhcp leases /var/lib/libvirt/dnsmasq/default.leases

Note on using LXC inside KVM VM with default network

When using LXC inside KVM VM (both using libvirt), the default network is which will create a conflict when you try to start LXC container, to fix this you should change IP range in the guest VM's libvirtd (the one that runs containers).

service libvirtd stop
sed -i 's/"192\.168\.122\./"192.168.120./' /etc/libvirt/qemu/networks/default.xml
service libvirtd start

HowTos/LXC-on-CentOS6 (last edited 2014-02-28 17:42:53 by AthmaneMadjoudj)