How to backup LXC containers

Moving LXC containers between host systems

This is how I migrate LXC containers between systems. I’ve successfully moved ubuntu based 12.04 containers to a 14.04 host, and they work great.

  • Shutdown the container
    # lxc-stop -n $NAME
  • Archive container rootfs & config
    # cd /var/lib/lxc/$NAME/
    # tar --numeric-owner -czvf container_fs.tar.gz ./*

    The ‘–numeric-owner’ flag is very important! Without it, the container may not boot because the uid/gids get mangled in the extracted filesystem. When tar creates an archive, it preserves user / group ownership information. By default, when extracting, tar tries to resolve the archive user/group ownership names with the ids on the system running tar. This is intended to ensure that user ownership is resolved on the new system, in case the UID numeric values differ between systems.

    This is bad for an LXC filesystem because the numeric uid/gid ownership is intended to be preserved for the whole filesystem. If it gets resolved to a different value, bad things happen.

  • Copy the file to your new server
    # rsync -avh container_fs.tar.gz user@newserver:/var/lib/lxc/
  • Extract rootfs
    # mkdir /var/lib/lxc/$NAME/
    # cd /var/lib/lxc/$NAME/
    # tar --numeric-owner -xzvf container_fs.tar.gz ./*

If you’re using an overlay backed container, you’ll also need to migrate the container this new one is based off of. Lastly, you might see a few warnings about skipped socket files:

tar: /var/lib/lxc/$NAME/rootfs/dev/log: socket ignored

I’ve ignored this error, and haven’t had any issues with any of the containers I manage. If you have further issues, add your error messages to the original post and I’ll elaborate.



How to backup LXC containers

LXC share folder

Exposing a directory on the host machine to an LXC container

  1. Log into the container and create an empty directory, this will be the mount point
  2. Log out and stop the container.
  3. Open to your container’s config file
    • For regular LXC containers: /var/lib/lxc/mycontainer/config
    • For unprivileged LXC containers: $HOME/.local/share/lxc/mycontainer/config
  4. Add a new line above the lxc.mount directive, that follows the format below. Substitute proper paths as necessary:
    • lxc.mount.entry = /path/to/folder/on/host /path/to/mount/point none bind 0 0
    • Both of these paths are relative to the host machine.
    • Location of the root fs in the container can be found at:
      • For regular LXC containers: /var/lib/lxc/mycontainer/rootfs/
      • For unprivileged LXC containers: $HOME/.local/share/lxc/mycontainer/rootfs

Note: If the host’s user does not exist in the container, the container will still be mounted, but with nobody:nogroup as the owner. This may not be a problem unless you need to write to these files, in which case you’ll need to give everybody write permission to that folder. (i.e. chmod -R go+w /folder/to/share)


I want to share /home/julianlam/foobar to my unprivileged container bazquux. In bazquux, I want this folder to be found at /mnt/baz.

In the container:

$ cd /mnt
$ sudo mkdir baz
$ logout

In the host, I will add the following line above lxc-mount in /home/julianlam/.local/share/lxc/bazquux/config:

lxc.mount.entry = /home/julianlam/foobar /home/julian/.local/share/lxc/bazquux/rootfs/mnt/baz none bind 0 0


LXC share folder

Bridge interface for lxc-containers

Script for creating bridge interface and applying  iptable routing rule:



echo 1 > /proc/sys/net/ipv4/ip_forward

Edit the container config:

# Network configuration = veth = up = lxc-br0 = eth0 = 00:FF:AA:00:00:01 = =

Edit the container interfaces:

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static

Enjoy the working network inside your lxc-container!

Bridge interface for lxc-containers