LXC (Linux Containers) is a lightweight virtualization technology that allows multiple isolated Linux systems (containers) to run on the same host. LXC uses Linux kernel features such as namespaces, cgroups, and AppArmor to create and manage containers. Each container has its own file system, network interfaces, process tree, and resource limits. However, containers share the same kernel and hardware with the host, which makes them more efficient and faster than full virtualization.
By default, an LXC container has a minimal set of devices that are needed for its operation. These devices are created by the LXC library when the container is started, and are removed when the container is stopped. The default devices are:
/dev/log: This is a Unix domain socket that connects to the syslog daemon on the host. It allows the container to send log messages to the host’s system log [1].
/dev/console: This is a character device that provides access to the container’s console. It is usually connected to the host’s terminal or a file. It allows the container to interact with the user or the host’s init system [1][2].
/dev/urandom: This is a character device that provides an unlimited source of pseudo-random numbers. It is used by various applications and libraries that need randomness, such as cryptography, UUID generation, and hashing [1][3].
The other devices listed in the question do not exist by default in an LXC container. They are either not needed, not allowed, or not supported by the container’s namespace or cgroup configuration. These devices are:
/dev/kmem: This is a character device that provides access to the kernel’s virtual memory. It is not needed by the container, as it can access its own memory through the /proc filesystem. It is also not allowed by the container, as it would expose the host’s kernel memory and compromise its security [4].
/dev/root: This is a symbolic link that points to the root device of the system. It is not supported by the container, as it does not have a separate root device from the host. The container’s root file system is mounted from a directory, an image file, or a loop device on the host [5].
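The device profile described above can be turned into an audit of a container's /dev directory. The following is an added example, not code from this page or from the LXC project; the function names and the sample mode tables are hypothetical and constructed for illustration.

```python
import os
import stat

# Expected node types, taken from the description above.
EXPECTED = {"log": "socket", "console": "char", "urandom": "char"}
# Nodes the text says are absent from a default container.
FORBIDDEN = {"kmem", "root"}


def node_type(mode):
    """Map an st_mode value to a short type name."""
    for name, check in (("char", stat.S_ISCHR), ("block", stat.S_ISBLK),
                        ("socket", stat.S_ISSOCK), ("symlink", stat.S_ISLNK),
                        ("dir", stat.S_ISDIR), ("fifo", stat.S_ISFIFO)):
        if check(mode):
            return name
    return "file"


def audit(modes):
    """Compare {name: st_mode} against the profile; return sorted findings."""
    findings = []
    for name, want in EXPECTED.items():
        if name not in modes:
            findings.append(f"missing: /dev/{name} (expected {want})")
        elif node_type(modes[name]) != want:
            got = node_type(modes[name])
            findings.append(f"wrong type: /dev/{name} is {got}, expected {want}")
    for name in sorted(FORBIDDEN):
        if name in modes:
            findings.append(f"forbidden: /dev/{name} present ({node_type(modes[name])})")
    return sorted(findings)


def scan(dev_dir):
    """Collect st_mode for every entry in dev_dir without following symlinks."""
    return {e.name: e.stat(follow_symlinks=False).st_mode for e in os.scandir(dev_dir)}


# Constructed sample: a /dev that matches the profile in the text.
SAMPLE_OK = {"log": stat.S_IFSOCK | 0o666, "console": stat.S_IFCHR | 0o600,
             "urandom": stat.S_IFCHR | 0o666}
# Constructed sample: kernel memory exposed and console replaced by a plain file.
SAMPLE_BAD = dict(SAMPLE_OK, kmem=stat.S_IFCHR | 0o640, console=stat.S_IFREG | 0o644)

if __name__ == "__main__":
    import sys
    modes = scan(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_BAD
    print("\n".join(audit(modes)) or "ok")
```

Run it with the path to a container's /dev (for example, from inside the container) to audit real nodes; entries outside the profile are ignored rather than flagged.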
References:
[1] Linux Containers - LXC - Manpages - lxc.container.conf.5
[2] Linux Containers - LXC - Getting started
[3] Random number generation - Wikipedia
[4] /dev/kmem - Wikipedia
[5] Linux Containers - LXC - Manpages - lxc.container.conf.5