渡鴉之丘: LinuX Container on Slackware 14.2 練習筆記

上次設定 LXC Container 沒有設定上網，所以目前的 Container 是沒辦法連外的。
這裡接續上次設定，繼續使 Container 可以連上外部網路。

設定 LXC 網路的方式：外面的 Host OS 有幾個跟網路設定有關的檔案，以及 LXC 本身的設定。接著 Container 裡面才能夠設置有效的網路（靜態 IP 或是 dhcp）。

因此設置上有三個步驟：

設置 LXC 的外部參數檔
在 Host OS 啟用 Network Bridging、ip_forward 與 iptables 等轉址設定
到 LXC 環境裡面確認網路

開始前，先在 Host OS 停止 Container

bash-4.4# lxc-stop -n mylxc
bash-4.4# lxc-info -n mylxc
Name:        mylxc
State:       STOPPED
bash-4.4#

目前 Host OS 網路界面狀況，以及 iptables 的狀況

bash-4.4# ifconfig
eth0: flags=4163  mtu 1500
     inet 192.xxx.xxx.110  netmask 255.255.255.0  broadcast 172.xxx.xxx.255
     inet6 fe80::xxxx:xxxx:xxxx:5180  prefixlen 64  scopeid 0x20
     ether f0:de:f1:56:51:80  txqueuelen 1000  (Ethernet)
     RX packets 108  bytes 7955 (7.7 KiB)
     RX errors 0  dropped 0  overruns 0  frame 0
     TX packets 30  bytes 3679 (3.5 KiB)
     TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
     device interrupt 20  memory 0xf2500000-f2520000  

lo: flags=73  mtu 65536
     inet 127.0.0.1  netmask 255.0.0.0
     inet6 ::1  prefixlen 128  scopeid 0x10
     loop  txqueuelen 1  (Local Loopback)
     RX packets 2  bytes 100 (100.0 B)
     RX errors 0  dropped 0  overruns 0  frame 0
     TX packets 2  bytes 100 (100.0 B)
     TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlan0: flags=4099  mtu 1500
     ether 8c:xx:xx:xx:xx:82  txqueuelen 1000  (Ethernet)
     RX packets 0  bytes 0 (0.0 B)
     RX errors 0  dropped 0  overruns 0  frame 0
     TX packets 0  bytes 0 (0.0 B)
     TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

bash-4.4# iptables --list
Chain INPUT (policy ACCEPT)
target  prot opt source            destination      

Chain FORWARD (policy ACCEPT)
target  prot opt source            destination      

Chain OUTPUT (policy ACCEPT)
target  prot opt source            destination  
bash-4.4#

1. 設置 Container 的參數設定
相關設定檔，除了全域的系統檔案，還有位在 Container 目錄下的 config 檔案。設定上，主要以個別 Container 設置為主
具體設定可以查閱 man lxc.conf 指令

bash-4.4# cat /var/lib/lxc/mylxc/config   
# Template used to create this container: /usr/share/lxc/templates/lxc-slackware
# Parameters passed to the template:
# For additional config options, please look at lxc.container.conf(5)

# Uncomment the following line to support nesting containers:
#lxc.include = /usr/share/lxc/config/nesting.conf
# (Be aware this has security implications)

lxc.network.type = empty
lxc.rootfs = /var/lib/lxc/mylxc/rootfs
lxc.rootfs.backend = dir

lxc.utsname = mylxc

lxc.mount = /var/lib/lxc/mylxc/rootfs/etc/fstab

lxc.tty = 4
lxc.pts = 1024
lxc.rootfs = /var/lib/lxc/mylxc/rootfs

lxc.cgroup.devices.deny = a
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
# consoles
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 4:1 rwm
# /dev/{,u}random
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
# rtc
lxc.cgroup.devices.allow = c 254:0 rwm

# we don't trust even the root user in the container, better safe than sorry.
# comment out only if you know what you're doing.
lxc.cap.drop = sys_module mknod mac_override mac_admin sys_time setfcap setpcap

# you can try also this alternative to the line above, whatever suits you better.
# lxc.cap.drop=sys_admin
bash-4.4#

編輯上面檔案，下面顯示編輯後結果；如果要多個網路界面，設置參數多放一組就好

bash-4.4# cat /var/lib/lxc/mylxc/config   
# Template used to create this container: /usr/share/lxc/templates/lxc-slackware
# Parameters passed to the template:
# For additional config options, please look at lxc.container.conf(5)

# Uncomment the following line to support nesting containers:
#lxc.include = /usr/share/lxc/config/nesting.conf
# (Be aware this has security implications)

#lxc.network.type = empty
lxc.network.type=veth
lxc.network.link=br0
lxc.network.flags=up
lxc.network.ipv4 = 10.1.0.10/24
lxc.network.ipv4.gateway = 10.1.0.1
lxc.rootfs = /var/lib/lxc/mylxc/rootfs
lxc.rootfs.backend = dir

lxc.utsname = mylxc

lxc.mount = /var/lib/lxc/mylxc/rootfs/etc/fstab

lxc.tty = 4
lxc.pts = 1024
lxc.rootfs = /var/lib/lxc/mylxc/rootfs

lxc.cgroup.devices.deny = a
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
# consoles
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 4:1 rwm
# /dev/{,u}random
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
# rtc
lxc.cgroup.devices.allow = c 254:0 rwm

# we don't trust even the root user in the container, better safe than sorry.
# comment out only if you know what you're doing.
lxc.cap.drop = sys_module mknod mac_override mac_admin sys_time setfcap setpcap

# you can try also this alternative to the line above, whatever suits you better.
# lxc.cap.drop=sys_admin
bash-4.4#

2. 啟用網路橋接與轉址
Bridging 的設定上，可以用 Script 啟用；或是在 INIT Service File 中設置。這裡採用 INIT 設定檔處理。
橋接設置有三部份

Bridge 界面的啟用
ip_forward 啟動
iptables 轉址的設定

這裡基於現有的 eth0 界面，再建立 br0 網路界面。接著啟動 ip_forward 服務。
然後設置 iptables 規則，允許 Container 對外請求被 Host OS 轉發。
如果要從 host OS 可以連通 Container 的 IP，則需要增加 iptables 規則，允許 Container 外部的連線請求被 Host OS 轉發。

Slackware 的網路設定與 CentOS 位置不同，設置參數都放在 /etc/rc.d/rc.inet1.conf 裡面（CentOS 則是在 /etc/sysconfig/network-scripts/ 裡面）。在該檔案裡面，提供 Bridging 設置參數。

bash-4.4# ps aux|grep inet
root   1063  0.0  0.0   6588  1600 ?     Ss   10:21   0:00 /usr/sbin/inetd
root   1925  0.0  0.0   9764  2020 pts/1 S+   10:46   0:00 grep inet
bash-4.4# cat << BRCNFEOF >> /etc/rc.d/rc.inet1.conf
# 
# Configure Network Bridging for Linux Container, *mylxc*

IFNAME[0]="br0"
BRNICS[0]="eth0"
IPADDR[0]=""
NETMASK[0]=""
USE_DHCP[0]="yes"
DHCP_HOSTNAME[0]=""
BRCNFEOF
bash-4.4# /etc/rc.d/rc.inet1 restart
sending signal ARLM to pid 1058
waiting for pid 1058 to exit
Polling for DHCP server on interface br0:
br0: waiting for carrier
br0: carrier acquired
DUID 00:01:00:01:1e:5c:98:eb:f0:de:f1:56:51:80
br0: IAID f1:56:51:80
br0: adding address fe80::f4f3:2264:bbeb:b651
br0: carrier lost
br0: deleting address fe80::f4f3:2264:bbeb:b651
br0: carrier acquired
br0: IAID f1:56:51:80
br0: adding address fe80::f4f3:2264:bbeb:b651
br0: soliciting an IPv6 router
br0: soliciting a DHCP lease
br0: offered 192.xxx.xxx.110 from 192.xxx.xxx.1
br0: probing address 192.xxx.xxx.110/24
br0: leased 192.xxx.xxx.110 for 604800 seconds
br0: adding route to 192.168.0.0/24
br0: adding default route via 192.168.0.1
forked to background, child pid 3934
bash-4.4# ifconfig
br0: flags=4163  mtu 1500
     inet 192.xxx.xxx.110  netmask 255.255.255.0  broadcast 192.168.0.255
     inet6 fe80::f4f3:2264:bbeb:b651  prefixlen 64  scopeid 0x20
     ether f0:de:f1:56:51:80  txqueuelen 1000  (Ethernet)
     RX packets 10942  bytes 3026210 (2.8 MiB)
     RX errors 0  dropped 0  overruns 0  frame 0
     TX packets 9563  bytes 2717150 (2.5 MiB)
     TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4419  mtu 1500
     inet6 fe80::7481:491d:e236:7480  prefixlen 64  scopeid 0x20
     ether f0:de:f1:56:51:80  txqueuelen 1000  (Ethernet)
     RX packets 15752  bytes 9996186 (9.5 MiB)
     RX errors 0  dropped 0  overruns 0  frame 0
     TX packets 12953  bytes 3004232 (2.8 MiB)
     TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
     device interrupt 20  memory 0xf2500000-f2520000  

lo: flags=73  mtu 65536
     inet 127.0.0.1  netmask 255.0.0.0
     inet6 ::1  prefixlen 128  scopeid 0x10
     loop  txqueuelen 1  (Local Loopback)
     RX packets 174  bytes 14224 (13.8 KiB)
     RX errors 0  dropped 0  overruns 0  frame 0
     TX packets 174  bytes 14224 (13.8 KiB)
     TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlan0: flags=4099  mtu 1500
     ether b2:65:33:f2:28:9b  txqueuelen 1000  (Ethernet)
     RX packets 0  bytes 0 (0.0 B)
     RX errors 0  dropped 0  overruns 0  frame 0
     TX packets 0  bytes 0 (0.0 B)
     TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

bash-4.4#

然後啟用 ip_forward 以及增加 iptables 的轉址規則，以便讓 Container 可以連線到外部。

bash-4.4# chmod +x /etc/rc.d/rc.ip_forward
bash-4.4# /etc/rc.d/rc.ip_forward start
Activating IPv4 packet forwarding.
Activating IPv6 packet forwarding.
bash-4.4# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
bash-4.4# iptables-save > /etc/iptables.rules

接著就是啟動 Container，並確認一下 ifconfig 變化

bash-4.4# lxc-start -n mylxc
bash-4.4# ifconfig
br0: flags=4163  mtu 1500
     inet 192.xxx.xxx.110  netmask 255.255.255.0  broadcast 192.xxx.xxx.255
     inet6 fe80::f4f3:2264:bbeb:b651  prefixlen 64  scopeid 0x20
     ether f0:de:f1:56:51:80  txqueuelen 1000  (Ethernet)
     RX packets 444  bytes 65767 (64.2 KiB)
     RX errors 0  dropped 0  overruns 0  frame 0
     TX packets 423  bytes 205605 (200.7 KiB)
     TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4419  mtu 1500
     ether f0:de:f1:56:51:80  txqueuelen 1000  (Ethernet)
     RX packets 16636  bytes 10452010 (9.9 MiB)
     RX errors 0  dropped 0  overruns 0  frame 0
     TX packets 13710  bytes 3264093 (3.1 MiB)
     TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
     device interrupt 20  memory 0xf2500000-f2520000  

lo: flags=73  mtu 65536
     inet 127.0.0.1  netmask 255.0.0.0
     inet6 ::1  prefixlen 128  scopeid 0x10
     loop  txqueuelen 1  (Local Loopback)
     RX packets 442  bytes 36392 (35.5 KiB)
     RX errors 0  dropped 0  overruns 0  frame 0
     TX packets 442  bytes 36392 (35.5 KiB)
     TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

veth48Y8K0: flags=4163  mtu 1500
     inet6 fe80::fcd6:b9ff:fe74:2e1b  prefixlen 64  scopeid 0x20
     ether fe:d6:b9:74:2e:1b  txqueuelen 1000  (Ethernet)
     RX packets 5  bytes 478 (478.0 B)
     RX errors 0  dropped 0  overruns 0  frame 0
     TX packets 6  bytes 648 (648.0 B)
     TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlan0: flags=4099  mtu 1500
     ether ea:64:d6:f4:0a:72  txqueuelen 1000  (Ethernet)
     RX packets 0  bytes 0 (0.0 B)
     RX errors 0  dropped 0  overruns 0  frame 0
     TX packets 0  bytes 0 (0.0 B)
     TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

bash-4.4#

上面可以看到 LXC 在 Host OS 多啟動了一個網路界面。

3. 進到 LXC 裡面，測試網路
由於前面已經用 LXC 設定檔設置網路，一登入 Container 就會發現網路界面已經綁好，不太需要自己在 Container 裡面處理～
現在要確認的就是網路會不會通

bash-4.4# lxc-console -n mylxc

Connected to tty 1
               Type  to exit the console,  to enter Ctrl+a itself


Welcome to Linux 4.4.38 (tty1)

mylxc login: root
Password:
Linux 4.4.38.
Last login: Tue Nov  7 13:45:23 +0800 2017 on /dev/tty1.
You have mail.
root@mylxc:~# ifconfig
eth0: flags=4163  mtu 1500
     inet 10.1.0.10  netmask 255.255.255.0  broadcast 10.1.0.255
     inet6 fe80::5547:7ce8:a59a:837d  prefixlen 64  scopeid 0x20
     ether c2:1c:04:2d:a5:2e  txqueuelen 1000  (Ethernet)
     RX packets 62  bytes 8378 (8.1 KiB)
     RX errors 0  dropped 0  overruns 0  frame 0
     TX packets 22  bytes 2265 (2.2 KiB)
     TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73  mtu 65536
     inet 127.0.0.1  netmask 255.0.0.0
     inet6 ::1  prefixlen 128  scopeid 0x10
     loop  txqueuelen 1  (Local Loopback)
     RX packets 0  bytes 0 (0.0 B)
     RX errors 0  dropped 0  overruns 0  frame 0
     TX packets 0  bytes 0 (0.0 B)
     TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

root@mylxc:~#

設置完畢後，測通分配得到的網路界面能不能連到外面，這裡對 Google 的 DNS 服務作連線測試

root@mylxc:~# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=58 time=3.14 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=58 time=4.03 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=58 time=2.87 ms
^C
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 2.873/3.350/4.034/0.500 ms
root@mylxc:~#

網路總算是測通了

接著是安裝套件囉，安裝需要選定一個 Mirror Site 才行

root@mylxc:~# vi /etc/slackpkg/mirrors
. . . .
# TAIWAN (TW)
# ftp://ftp.isu.edu.tw/pub/Linux/Slackware/slackware64-current/
# http://ftp.isu.edu.tw/pub/Linux/Slackware/slackware64-current/
  ftp://ftp.twaren.net/pub/Linux/Slackware/slackware64-current/
# http://ftp.twaren.net/Linux/Slackware/slackware64-current/
. . . .
root@mylxc:~# 
root@mylxc:~# slackpkg update gpg

                     Downloading ftp://ftp.twaren.net/pub/Linux/Slackware/slackware64-current/GPG-KEY...
wget: error while loading shared libraries: libunistring.so.2: cannot open shared object file: No such file or directory

root@mylxc:~#

看起來目前的 LXC template 少抓一個套件，手動放進去（另外開一個 Console）
注意這裡是直接從 Host OS 直接伸手進入 Container 的目錄，跟普通的 VM 差很多

bash-4.4# cp ~/libunistring-0.9.7-x86_64-1.txz /var/lib/lxc/mylxc/rootfs/root/
bash-4.4#

在 Container 裡面裝起來，記得上面已經把套件放到 root 家目錄了

root@mylxc:~# installpkg ~/libunistring-0.9.7-x86_64-1.txz
Verifying package libunistring-0.9.7-x86_64-1.txz.
Installing package libunistring-0.9.7-x86_64-1.txz:
PACKAGE DESCRIPTION:
# libunistring (GNU Unicode string library)
#
# This library provides functions for manipulating Unicode strings and
# for manipulating C strings according to the Unicode standard.
#
# Homepage:  http://www.gnu.org/s/libunistring
#
Executing install script for libunistring-0.9.7-x86_64-1.txz.
Package libunistring-0.9.7-x86_64-1.txz installed.

root@mylxc:~#

再更新一次套件清單

root@mylxc:~# slackpkg update gpg

                     Downloading ftp://ftp.twaren.net/pub/Linux/Slackware/slackware64-current/GPG-KEY...
--2017-11-09 22:33:13--  ftp://ftp.twaren.net/pub/Linux/Slackware/slackware64-current/GPG-KEY
        => '/tmp/slackpkg.1q4PW2/gpgkey'
Resolving ftp.twaren.net (ftp.twaren.net)... 140.110.123.9, 2001:e10:5c00:5::9
Connecting to ftp.twaren.net (ftp.twaren.net)|140.110.123.9|:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done. ==> PWD ... done.
==> TYPE I ... done.  ==> CWD (1) /pub/Linux/Slackware/slackware64-current ... done.
==> SIZE GPG-KEY ... 1572
==> PASV ... done. ==> RETR GPG-KEY ... done.
Length: 1572 (1.5K) (unauthoritative)

GPG-KEY                     100%[==================================================>]   1.54K  --.-KB/s in 0.002s  

2017-11-09 22:33:14 (676 KB/s) - '/tmp/slackpkg.1q4PW2/gpgkey' saved [1572]

                     Slackware Linux Project's GPG key added

root@mylxc:~#
root@mylxc:~# slackpkg update    

Updating the package lists...
     Downloading...
                     Downloading ftp://ftp.twaren.net/pub/Linux/Slackware/slackware64-current/ChangeLog.txt...
--2017-11-09 22:34:01--  ftp://ftp.twaren.net/pub/Linux/Slackware/slackware64-current/ChangeLog.txt
        => '/tmp/slackpkg.4uHR72/ChangeLog.txt'
Resolving ftp.twaren.net (ftp.twaren.net)... 140.110.123.9, 2001:e10:5c00:5::9
Connecting to ftp.twaren.net (ftp.twaren.net)|140.110.123.9|:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done. ==> PWD ... done.
==> TYPE I ... done.  ==> CWD (1) /pub/Linux/Slackware/slackware64-current ... done.
==> SIZE ChangeLog.txt ... 205929
==> PASV ... done. ==> RETR ChangeLog.txt ... done.
Length: 205929 (201K) (unauthoritative)

ChangeLog.txt               100%[==================================================>] 201.10K   691KB/s in 0.3s    

2017-11-09 22:34:02 (691 KB/s) - '/tmp/slackpkg.4uHR72/ChangeLog.txt' saved [205929]

Files /var/lib/slackpkg/ChangeLog.txt and /tmp/slackpkg.4uHR72/ChangeLog.txt differ

             List of all files
                     Downloading ftp://ftp.twaren.net/pub/Linux/Slackware/slackware64-current/patches/MANIFEST.bz2...
--2017-11-09 22:34:02--  ftp://ftp.twaren.net/pub/Linux/Slackware/slackware64-current/patches/MANIFEST.bz2
        => '/tmp/slackpkg.4uHR72/patches-MANIFEST.bz2'
Resolving ftp.twaren.net (ftp.twaren.net)... 140.110.123.9, 2001:e10:5c00:5::9
Connecting to ftp.twaren.net (ftp.twaren.net)|140.110.123.9|:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done. ==> PWD ... done.
==> TYPE I ... done.  ==> CWD (1) /pub/Linux/Slackware/slackware64-current/patches ... done.
==> SIZE MANIFEST.bz2 ... 14
==> PASV ... done. ==> RETR MANIFEST.bz2 ... done.
Length: 14 (unauthoritative)

MANIFEST.bz2                100%[==================================================>]   14  --.-KB/s in 0s   

2017-11-09 22:34:03 (1.02 MB/s) - '/tmp/slackpkg.4uHR72/patches-MANIFEST.bz2' saved [14]

                     Downloading ftp://ftp.twaren.net/pub/Linux/Slackware/slackware64-current/slackware64/MANIFEST.bz2...
--2017-11-09 22:34:03--  ftp://ftp.twaren.net/pub/Linux/Slackware/slackware64-current/slackware64/MANIFEST.bz2
        => '/tmp/slackpkg.4uHR72/slackware64-MANIFEST.bz2'
Resolving ftp.twaren.net (ftp.twaren.net)... 140.110.123.9, 2001:e10:5c00:5::9
Connecting to ftp.twaren.net (ftp.twaren.net)|140.110.123.9|:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done. ==> PWD ... done.
==> TYPE I ... done.  ==> CWD (1) /pub/Linux/Slackware/slackware64-current/slackware64 ... done.
==> SIZE MANIFEST.bz2 ... 3363071
==> PASV ... done. ==> RETR MANIFEST.bz2 ... done.
Length: 3363071 (3.2M) (unauthoritative)

MANIFEST.bz2                100%[==================================================>]   3.21M   710KB/s in 4.6s    

2017-11-09 22:34:08 (709 KB/s) - '/tmp/slackpkg.4uHR72/slackware64-MANIFEST.bz2' saved [3363071]

                     Downloading ftp://ftp.twaren.net/pub/Linux/Slackware/slackware64-current/extra/MANIFEST.bz2...
--2017-11-09 22:34:08--  ftp://ftp.twaren.net/pub/Linux/Slackware/slackware64-current/extra/MANIFEST.bz2
        => '/tmp/slackpkg.4uHR72/extra-MANIFEST.bz2'
Resolving ftp.twaren.net (ftp.twaren.net)... 140.110.123.9, 2001:e10:5c00:5::9
Connecting to ftp.twaren.net (ftp.twaren.net)|140.110.123.9|:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done. ==> PWD ... done.
==> TYPE I ... done.  ==> CWD (1) /pub/Linux/Slackware/slackware64-current/extra ... done.
==> SIZE MANIFEST.bz2 ... 111674
==> PASV ... done. ==> RETR MANIFEST.bz2 ... done.
Length: 111674 (109K) (unauthoritative)

MANIFEST.bz2                100%[==================================================>] 109.06K   674KB/s in 0.2s    

2017-11-09 22:34:09 (674 KB/s) - '/tmp/slackpkg.4uHR72/extra-MANIFEST.bz2' saved [111674]

                     Downloading ftp://ftp.twaren.net/pub/Linux/Slackware/slackware64-current/pasture/MANIFEST.bz2...
--2017-11-09 22:34:09--  ftp://ftp.twaren.net/pub/Linux/Slackware/slackware64-current/pasture/MANIFEST.bz2
        => '/tmp/slackpkg.4uHR72/pasture-MANIFEST.bz2'
Resolving ftp.twaren.net (ftp.twaren.net)... 140.110.123.9, 2001:e10:5c00:5::9
Connecting to ftp.twaren.net (ftp.twaren.net)|140.110.123.9|:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done. ==> PWD ... done.
==> TYPE I ... done.  ==> CWD (1) /pub/Linux/Slackware/slackware64-current/pasture ... done.
==> SIZE MANIFEST.bz2 ... 3524
==> PASV ... done. ==> RETR MANIFEST.bz2 ... done.
Length: 3524 (3.4K) (unauthoritative)

MANIFEST.bz2                100%[==================================================>]   3.44K  --.-KB/s in 0.005s  

2017-11-09 22:34:09 (688 KB/s) - '/tmp/slackpkg.4uHR72/pasture-MANIFEST.bz2' saved [3524]

                     Downloading ftp://ftp.twaren.net/pub/Linux/Slackware/slackware64-current/testing/MANIFEST.bz2...
--2017-11-09 22:34:09--  ftp://ftp.twaren.net/pub/Linux/Slackware/slackware64-current/testing/MANIFEST.bz2
        => '/tmp/slackpkg.4uHR72/testing-MANIFEST.bz2'
Resolving ftp.twaren.net (ftp.twaren.net)... 140.110.123.9, 2001:e10:5c00:5::9
Connecting to ftp.twaren.net (ftp.twaren.net)|140.110.123.9|:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done. ==> PWD ... done.
==> TYPE I ... done.  ==> CWD (1) /pub/Linux/Slackware/slackware64-current/testing ... done.
==> SIZE MANIFEST.bz2 ... 885
==> PASV ... done. ==> RETR MANIFEST.bz2 ... done.
Length: 885 (unauthoritative)

MANIFEST.bz2                100%[==================================================>]  885  --.-KB/s in 0.001s  

2017-11-09 22:34:10 (727 KB/s) - '/tmp/slackpkg.4uHR72/testing-MANIFEST.bz2' saved [885]

             Checksums
                     Downloading ftp://ftp.twaren.net/pub/Linux/Slackware/slackware64-current/CHECKSUMS.md5...
--2017-11-09 22:34:10--  ftp://ftp.twaren.net/pub/Linux/Slackware/slackware64-current/CHECKSUMS.md5
        => '/tmp/slackpkg.4uHR72/CHECKSUMS.md5'
Resolving ftp.twaren.net (ftp.twaren.net)... 140.110.123.9, 2001:e10:5c00:5::9
Connecting to ftp.twaren.net (ftp.twaren.net)|140.110.123.9|:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done. ==> PWD ... done.
==> TYPE I ... done.  ==> CWD (1) /pub/Linux/Slackware/slackware64-current ... done.
==> SIZE CHECKSUMS.md5 ... 852379
==> PASV ... done. ==> RETR CHECKSUMS.md5 ... done.
Length: 852379 (832K) (unauthoritative)

CHECKSUMS.md5               100%[==================================================>] 832.40K   706KB/s in 1.2s    

2017-11-09 22:34:11 (706 KB/s) - '/tmp/slackpkg.4uHR72/CHECKSUMS.md5' saved [852379]

                     Downloading ftp://ftp.twaren.net/pub/Linux/Slackware/slackware64-current/CHECKSUMS.md5.asc...
--2017-11-09 22:34:11--  ftp://ftp.twaren.net/pub/Linux/Slackware/slackware64-current/CHECKSUMS.md5.asc
        => '/tmp/slackpkg.4uHR72/CHECKSUMS.md5.asc'
Resolving ftp.twaren.net (ftp.twaren.net)... 140.110.123.9, 2001:e10:5c00:5::9
Connecting to ftp.twaren.net (ftp.twaren.net)|140.110.123.9|:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done. ==> PWD ... done.
==> TYPE I ... done.  ==> CWD (1) /pub/Linux/Slackware/slackware64-current ... done.
==> SIZE CHECKSUMS.md5.asc ... 163
==> PASV ... done. ==> RETR CHECKSUMS.md5.asc ... done.
Length: 163 (unauthoritative)

CHECKSUMS.md5.asc           100%[==================================================>]  163  --.-KB/s in 0s   

2017-11-09 22:34:12 (12.2 MB/s) - '/tmp/slackpkg.4uHR72/CHECKSUMS.md5.asc' saved [163]

             Package List
                     Downloading ftp://ftp.twaren.net/pub/Linux/Slackware/slackware64-current/FILELIST.TXT...
--2017-11-09 22:34:12--  ftp://ftp.twaren.net/pub/Linux/Slackware/slackware64-current/FILELIST.TXT
        => '/tmp/slackpkg.4uHR72/FILELIST.TXT'
Resolving ftp.twaren.net (ftp.twaren.net)... 140.110.123.9, 2001:e10:5c00:5::9
Connecting to ftp.twaren.net (ftp.twaren.net)|140.110.123.9|:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done. ==> PWD ... done.
==> TYPE I ... done.  ==> CWD (1) /pub/Linux/Slackware/slackware64-current ... done.
==> SIZE FILELIST.TXT ... 1123305
==> PASV ... done. ==> RETR FILELIST.TXT ... done.
Length: 1123305 (1.1M) (unauthoritative)

FILELIST.TXT                100%[==================================================>]   1.07M   707KB/s in 1.6s    

2017-11-09 22:34:14 (707 KB/s) - '/tmp/slackpkg.4uHR72/FILELIST.TXT' saved [1123305]

             Package descriptions
                     Downloading ftp://ftp.twaren.net/pub/Linux/Slackware/slackware64-current/patches/PACKAGES.TXT...
--2017-11-09 22:34:14--  ftp://ftp.twaren.net/pub/Linux/Slackware/slackware64-current/patches/PACKAGES.TXT
        => '/tmp/slackpkg.4uHR72/patches-PACKAGES.TXT'
Resolving ftp.twaren.net (ftp.twaren.net)... 140.110.123.9, 2001:e10:5c00:5::9
Connecting to ftp.twaren.net (ftp.twaren.net)|140.110.123.9|:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done. ==> PWD ... done.
==> TYPE I ... done.  ==> CWD (1) /pub/Linux/Slackware/slackware64-current/patches ... done.
==> SIZE PACKAGES.TXT ... 224
==> PASV ... done. ==> RETR PACKAGES.TXT ... done.
Length: 224 (unauthoritative)

PACKAGES.TXT                100%[==================================================>]  224  --.-KB/s in 0s   

2017-11-09 22:34:14 (932 KB/s) - '/tmp/slackpkg.4uHR72/patches-PACKAGES.TXT' saved [224]

                     Downloading ftp://ftp.twaren.net/pub/Linux/Slackware/slackware64-current/slackware64/PACKAGES.TXT...
--2017-11-09 22:34:14--  ftp://ftp.twaren.net/pub/Linux/Slackware/slackware64-current/slackware64/PACKAGES.TXT
        => '/tmp/slackpkg.4uHR72/slackware64-PACKAGES.TXT'
Resolving ftp.twaren.net (ftp.twaren.net)... 140.110.123.9, 2001:e10:5c00:5::9
Connecting to ftp.twaren.net (ftp.twaren.net)|140.110.123.9|:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done. ==> PWD ... done.
==> TYPE I ... done.  ==> CWD (1) /pub/Linux/Slackware/slackware64-current/slackware64 ... done.
==> SIZE PACKAGES.TXT ... 722565
==> PASV ... done. ==> RETR PACKAGES.TXT ... done.
Length: 722565 (706K) (unauthoritative)

PACKAGES.TXT                100%[==================================================>] 705.63K   705KB/s in 1.0s    

2017-11-09 22:34:16 (705 KB/s) - '/tmp/slackpkg.4uHR72/slackware64-PACKAGES.TXT' saved [722565]

                     Downloading ftp://ftp.twaren.net/pub/Linux/Slackware/slackware64-current/extra/PACKAGES.TXT...
--2017-11-09 22:34:16--  ftp://ftp.twaren.net/pub/Linux/Slackware/slackware64-current/extra/PACKAGES.TXT
        => '/tmp/slackpkg.4uHR72/extra-PACKAGES.TXT'
Resolving ftp.twaren.net (ftp.twaren.net)... 140.110.123.9, 2001:e10:5c00:5::9
Connecting to ftp.twaren.net (ftp.twaren.net)|140.110.123.9|:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done. ==> PWD ... done.
==> TYPE I ... done.  ==> CWD (1) /pub/Linux/Slackware/slackware64-current/extra ... done.
==> SIZE PACKAGES.TXT ... 31700
==> PASV ... done. ==> RETR PACKAGES.TXT ... done.
Length: 31700 (31K) (unauthoritative)

PACKAGES.TXT                100%[==================================================>]  30.96K  --.-KB/s in 0.05s   

2017-11-09 22:34:16 (604 KB/s) - '/tmp/slackpkg.4uHR72/extra-PACKAGES.TXT' saved [31700]

                     Downloading ftp://ftp.twaren.net/pub/Linux/Slackware/slackware64-current/pasture/PACKAGES.TXT...
--2017-11-09 22:34:16--  ftp://ftp.twaren.net/pub/Linux/Slackware/slackware64-current/pasture/PACKAGES.TXT
        => '/tmp/slackpkg.4uHR72/pasture-PACKAGES.TXT'
Resolving ftp.twaren.net (ftp.twaren.net)... 140.110.123.9, 2001:e10:5c00:5::9
Connecting to ftp.twaren.net (ftp.twaren.net)|140.110.123.9|:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done. ==> PWD ... done.
==> TYPE I ... done.  ==> CWD (1) /pub/Linux/Slackware/slackware64-current/pasture ... done.
==> SIZE PACKAGES.TXT ... 2238
==> PASV ... done. ==> RETR PACKAGES.TXT ... done.
Length: 2238 (2.2K) (unauthoritative)

PACKAGES.TXT                100%[==================================================>]   2.19K  --.-KB/s in 0.003s  

2017-11-09 22:34:17 (805 KB/s) - '/tmp/slackpkg.4uHR72/pasture-PACKAGES.TXT' saved [2238]

                     Downloading ftp://ftp.twaren.net/pub/Linux/Slackware/slackware64-current/testing/PACKAGES.TXT...
--2017-11-09 22:34:17--  ftp://ftp.twaren.net/pub/Linux/Slackware/slackware64-current/testing/PACKAGES.TXT
        => '/tmp/slackpkg.4uHR72/testing-PACKAGES.TXT'
Resolving ftp.twaren.net (ftp.twaren.net)... 140.110.123.9, 2001:e10:5c00:5::9
Connecting to ftp.twaren.net (ftp.twaren.net)|140.110.123.9|:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done. ==> PWD ... done.
==> TYPE I ... done.  ==> CWD (1) /pub/Linux/Slackware/slackware64-current/testing ... done.
==> SIZE PACKAGES.TXT ... 845
==> PASV ... done. ==> RETR PACKAGES.TXT ... done.
Length: 845 (unauthoritative)

PACKAGES.TXT                100%[==================================================>]  845  --.-KB/s in 0.001s  

2017-11-09 22:34:17 (697 KB/s) - '/tmp/slackpkg.4uHR72/testing-PACKAGES.TXT' saved [845]

     Formatting lists to slackpkg style...
             Package List: using CHECKSUMS.md5 as source
             Package descriptions

root@mylxc:~#

如此就可以用 slackpkg install 新增新套件到 Container 了。測試結束！！

幾個簡單的 Linux Container 初步嘗試到此告一段落，以上都是所謂 Privileged Container 的設置，都是在 Container 裡面用 root 帳號。這再一般狀況下，不是太好的選擇～
因此後續會有 Unprivileged Container 的設置。有興趣的人可以去了解。

在 LXC 的使用上，多半都要自己作一些設置，而且產生的是完整的可讀寫子系統。
到了 docker，便延伸 LXC 的功能，簡化相關設置，進一步將 Container 打包成唯讀的 Image 執行環境，資料的異動與執行環境分離。使的 Container 得以被複製與調度（Container Orchestration），並且沒有執行環境「弄髒」的困擾。也因此 docker 最後比 LXC 還紅～

參考

LXC Container Networking Deep Dive | Linux.com | The source for Linux information

Flockport - LXC Networking Guide

Flockport - LXC advanced networking guide

Flockport - Flockport Labs - Extending layer 2 across container hosts

Secure LXC networking - Marian HackMan Marinov

Container veth Networking - Wind River Knowledge Library

How to create multiple network interfaces in an LXC container.

LXC Linux Containers with second network interface | box.matto.nl

HOWTO Use Linux Containers to set up virtual networks - Nsnam

How can i add network interface to LXC Container - Unix & Linux Stack Exchange

networking - Setting up bridged LXC containers with static IPs - Server Fault

Linux Containers - ArchWiki