
How to run GUI applications in an LXC Container

In this post, I’ll show how I got GUI applications to run in an LXC container.
I have Ubuntu Desktop 16.04 LTS (Xenial release) installed on my machine.

Installation and Setup Steps

 

Install LXC

sudo apt install -y lxc

The system now has all the LXC commands available, all its templates as well as the Python3 binding to script LXC.

See: https://help.ubuntu.com/lts/serverguide/lxc.html#lxc-installation

Create a Container

This creates a privileged container called ethsandbox from the Ubuntu distribution, Xenial release, for amd64 architecture:

sudo lxc-create -n ethsandbox -t ubuntu -- -r xenial

##
# The default user is 'ubuntu' with password 'ubuntu'!
# Use the 'sudo' command to run tasks as root in the container.
##

List containers:

sudo lxc-ls -f

NAME       STATE   AUTOSTART GROUPS IPV4 IPV6
ethsandbox STOPPED 0         -      -    -

Start Container

sudo lxc-start -d -n ethsandbox

Get detailed container information. Take note of the container’s IP address shown below:

sudo lxc-info -n ethsandbox

Name:           ethsandbox
State:          RUNNING
PID:            28605
IP:             10.0.3.129
CPU use:        1.01 seconds
BlkIO use:      60.66 MiB
Memory use:     80.02 MiB
KMem use:       5.84 MiB
Link:           vethQRIHXO
 TX bytes:      1.59 KiB
 RX bytes:      12.54 KiB
 Total bytes:   14.13 KiB

Configure Sandbox

Log in to the new container over SSH. The password for the default user ubuntu is ubuntu.
At this point, ssh will fail to forward X because xauth is not yet installed in the container.

ssh -X ubuntu@10.0.3.129

To connect using ssh with X11 forwarding, install the xauth package.
First refresh the package lists so that apt knows about pending package updates as well as new packages that have just arrived in the repositories:

sudo apt-get update

Install xauth package:

sudo apt-get install xauth

Exit the container:

exit

...and re-enter:

ssh -X ubuntu@10.0.3.129

Install Firefox – our GUI test application:

sudo apt-get install -y firefox

Run Firefox:

firefox

LXC Containers as Sandbox Environments


What is this and why?

LXC (Linux Containers) are like lightweight VMs, providing an isolated OS environment and enabling full system virtualization for computers running GNU/Linux. In addition to selecting an OS flavor, this type of container permits users to install and execute multiple applications and processes in the container.

LXC Provides:

  • its own file system
  • network process
  • block I/O space
  • IP address
  • separate process domain
  • separate user ids
  • dedicated access to the host’s physical resources – memory and CPU

These containers can host virtual environments in a fashion similar to VMs and provide typical VM benefits such as workload isolation and utilization of hardware resources, along with the performance of bare metal!

An important characteristic of LXC containers is data persistence. Changes made during a session are persisted beyond a restart of the container. An LXC container may be edited after deployment with the state changes persisted.

Under the hood, LXC employs kernel level isolation using CGroups and namespaces to provide virtualization and the ability to execute multiple virtual units at the same time. These virtual units are compartmentalized and make efficient use of available resources since they run on the same kernel:

  • Namespaces project an isolated view of the OS to an application so that it gets its own isolated instance of a global resource. Here are some types of namespaces:
    • process (pid)
    • networking (net)
    • inter-process communication (ipc)
    • file system (mnt)
    • hostname (uts)
    • user IDs (user)
  • Control Groups (cgroups) provide task grouping and control, isolating container access to physical resources such as CPU, memory and disk I/O.
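
The ethsandbox container created earlier is privileged: container UID 0 is host UID 0, and LXC only places a container in its own user namespace when its config carries a UID/GID mapping. The script below is an added example, not part of the original post, that classifies an LXC config by that mapping; the function names are hypothetical and both sample configs are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): report whether an LXC config
# maps container root to an unprivileged host UID.

# container_mode CONFIG_FILE -> prints "privileged" or "unprivileged".
# Mapping syntax: lxc.id_map = <u|g> <first id in container> <first id on host> <count>
# LXC 2.x (Xenial) spells the key lxc.id_map; LXC 3.0 and later spell it lxc.idmap.
container_mode() {
    awk -F'=' '
        /^[ \t]*lxc\.(id_map|idmap)[ \t]*=/ {
            n = split($2, f, " ")
            # Container UID 0 must land on a non-zero host UID.
            if (n == 4 && f[1] == "u" && f[2] == 0 && f[3] != 0) mapped = 1
        }
        END { print (mapped ? "unprivileged" : "privileged") }
    ' "$1"
}

# Constructed sample configs (assumed contents, for illustration only).
write_samples() {
    dir=$1
    cat > "$dir/privileged.conf" <<'EOF'
# Constructed: shape of a config written by "lxc-create -t ubuntu" as root
lxc.include = /usr/share/lxc/config/ubuntu.common.conf
lxc.rootfs = /var/lib/lxc/ethsandbox/rootfs
lxc.utsname = ethsandbox
lxc.network.type = veth
lxc.network.link = lxcbr0
EOF
    cat > "$dir/unprivileged.conf" <<'EOF'
# Constructed: same container with UID/GID ranges shifted to 100000+
lxc.utsname = ethsandbox
lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in "$tmp"/*.conf; do
    printf '%s: %s\n' "$(basename "$f")" "$(container_mode "$f")"
done
rm -rf "$tmp"
```

To check the container from this post, pass its config file, which sits at /var/lib/lxc/ethsandbox/config when the default LXC path is in use. Mappings pulled in through lxc.include files are not followed.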
Virtualization vs. Containers

As already discussed, containers have a very low overhead compared to VMs – you are not installing a separate OS for the container, and a hypervisor with attendant costs is not needed. Containers are demonstrably faster to deploy, require fewer resources and can achieve performance levels near those of the host they run on.

A container can boot up in seconds, while VMs can take a minute.

These are quite attractive features for establishing throwaway sandbox environments. It would be quite possible to experiment with various installations, learn from mistakes and install a fresh environment leveraging lessons learned from earlier sandboxes.