Skip to content
Daemon based on liblxc offering a REST API to manage containers
Go Shell C Python Makefile TSQL
Branch: master
Clone or download
Pull request Compare This branch is 90 commits behind lxc:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.



LXD is a next generation system container manager.
It offers a user experience similar to virtual machines but using Linux containers instead.

It's image based with pre-made images available for a wide number of Linux distributions
and is built around a very powerful, yet pretty simple, REST API.

To get a better idea of what LXD is and what it does, you can try it online!
Then if you want to run it locally, take a look at our getting started guide.

Release announcements can be found here:
And the release tarballs here:


Type Service Status
CI (Linux) Jenkins Build Status
CI (macOS) Travis Build Status
CI (Windows) AppVeyor Build Status
LXD documentation ReadTheDocs Read the Docs
Go documentation Godoc GoDoc
Static analysis GoReport Go Report Card
Translations Weblate Translation status
Project status CII Best Practices CII Best Practices

Installing LXD from packages

The LXD daemon only works on Linux but the client tool (lxc) is available on most platforms.

OS Format Command
Linux Snap snap install lxd
Windows Chocolatey choco install lxc
MacOS Homebrew brew install lxc

More instructions on installing LXD for a wide variety of Linux distributions and operating systems can be found on our website.

Installing LXD from source

We recommend having the latest versions of liblxc (>= 2.0.0 required) available for LXD development. Additionally, LXD requires Golang 1.10 or later to work. On ubuntu, you can get those with:

sudo apt update
sudo apt install acl autoconf dnsmasq-base git golang libacl1-dev libcap-dev liblxc1 liblxc-dev libtool libuv1-dev make pkg-config rsync squashfs-tools tar tcl xz-utils ebtables

Note that when building LXC yourself, ensure to build it with the appropriate security related libraries installed which our testsuite tests. Again, on ubuntu, you can get those with:

sudo apt install libapparmor-dev libseccomp-dev libcap-dev

There are a few storage backends for LXD besides the default "directory" backend. Installing these tools adds a bit to initramfs and may slow down your host boot, but are needed if you'd like to use a particular backend:

sudo apt install lvm2 thin-provisioning-tools
sudo apt install btrfs-tools

To run the testsuite, you'll also need:

sudo apt install curl gettext jq sqlite3 uuid-runtime bzr socat

Building the tools

LXD consists of two binaries, a client called lxc and a server called lxd. These live in the source tree in the lxc/ and lxd/ dirs, respectively. To get the code, set up your go environment:

mkdir -p ~/go
export GOPATH=~/go

And then download it as usual:

go get -d -v
cd $GOPATH/src/
make deps
export CGO_CFLAGS="${CGO_CFLAGS} -I${GOPATH}/deps/sqlite/ -I${GOPATH}/deps/dqlite/include/ -I${GOPATH}/deps/raft/include/ -I${GOPATH}/deps/libco/"
export CGO_LDFLAGS="${CGO_LDFLAGS} -L${GOPATH}/deps/sqlite/.libs/ -L${GOPATH}/deps/dqlite/.libs/ -L${GOPATH}/deps/raft/.libs -L${GOPATH}/deps/libco/"
export LD_LIBRARY_PATH="${GOPATH}/deps/sqlite/.libs/:${GOPATH}/deps/dqlite/.libs/:${GOPATH}/deps/raft/.libs:${GOPATH}/deps/libco/:${LD_LIBRARY_PATH}"

...which will give you two binaries in $GOPATH/bin, lxd the daemon binary, and lxc a command line client to that daemon.

Machine Setup

You'll need sub{u,g}ids for root, so that LXD can create the unprivileged containers:

echo "root:1000000:65536" | sudo tee -a /etc/subuid /etc/subgid

Now you can run the daemon (the --group sudo bit allows everyone in the sudo group to talk to LXD; you can create your own group if you want):

sudo -E LD_LIBRARY_PATH=$LD_LIBRARY_PATH $GOPATH/bin/lxd --group sudo


LXD, similar to other container managers provides a UNIX socket for local communication.

WARNING: Anyone with access to that socket can fully control LXD, which includes the ability to attach host devices and filesystems, this should therefore only be given to users who would be trusted with root access to the host.

When listening on the network, the same API is available on a TLS socket (HTTPS), specific access on the remote API can be restricted through Canonical RBAC.

More details are available here.

Getting started with LXD

Now that you have LXD running on your system you can read the getting started guide or go through more examples and configurations in our documentation.

Bug reports

Bug reports can be filed at:


Fixes and new features are greatly appreciated but please read our contributing guidelines first.

Support and discussions


A discussion forum is available at:


We use the LXC mailing-lists for developer and user discussions, you can find and subscribe to those at:


If you prefer live discussions, some of us also hang out in #lxcontainers on


How to enable LXD server for remote access?

By default LXD server is not accessible from the networks as it only listens on a local unix socket. You can make LXD available from the network by specifying additional addresses to listen to. This is done with the core.https_address config variable.

To see the current server configuration, run:

lxc config show

To set the address to listen to, find out what addresses are available and use the config set command on the server:

ip addr
lxc config set core.https_address

When I do a lxc remote add over https, it asks for a password?

By default, LXD has no password for security reasons, so you can't do a remote add this way. In order to set a password, do:

lxc config set core.trust_password SECRET

on the host LXD is running on. This will set the remote password that you can then use to do lxc remote add.

You can also access the server without setting a password by copying the client certificate from .config/lxc/client.crt to the server and adding it with:

lxc config trust add client.crt

How do I configure LXD storage?

LXD supports btrfs, ceph, directory, lvm and zfs based storage.

First make sure you have the relevant tools for your filesystem of choice installed on the machine (btrfs-progs, lvm2 or zfsutils-linux).

By default, LXD comes with no configured network or storage. You can get a basic configuration done with:

    lxd init

lxd init supports both directory based storage and ZFS. If you want something else, you'll need to use the lxc storage command:

lxc storage create default BACKEND [OPTIONS...]
lxc profile device add default root disk path=/ pool=default

BACKEND is one of btrfs, ceph, dir, lvm or zfs.

Unless specified otherwise, LXD will setup loop based storage with a sane default size.

For production environments, you should be using block backed storage instead both for performance and reliability reasons.

How can I live migrate a container using LXD?

Live migration requires a tool installed on both hosts called CRIU, which is available in Ubuntu via:

sudo apt install criu

Then, launch your container with the following,

lxc launch ubuntu $somename
sleep 5s # let the container get to an interesting state
lxc move host1:$somename host2:$somename

And with luck you'll have migrated the container :). Migration is still in experimental stages and may not work for all workloads. Please report bugs on lxc-devel, and we can escalate to CRIU lists as necessary.

Can I bind mount my home directory in a container?

Yes. The easiest way to do that is using a privileged container to avoid file ownership issues:

1.a) create a container.

lxc launch ubuntu privilegedContainerName -c security.privileged=true

1.b) or, if your container already exists.

lxc config set privilegedContainerName security.privileged true
  1. then.
lxc config device add privilegedContainerName shareName disk source=/home/$USER path=/home/ubuntu

How can I run docker inside a LXD container?

In order to run Docker inside a LXD container the security.nesting property of the container should be set to true.

lxc config set <container> security.nesting true

Note that LXD containers cannot load kernel modules, so depending on your Docker configuration you may need to have the needed extra kernel modules loaded by the host.

You can do so by setting a comma separate list of kernel modules that your container needs with:

lxc config set <container> linux.kernel_modules <modules>

We have also received some reports that creating a /.dockerenv file in your container can help Docker ignore some errors it's getting due to running in a nested environment.

Hacking on LXD

Directly using the REST API

The LXD REST API can be used locally via unauthenticated Unix socket or remotely via SSL encapsulated TCP.

Via Unix socket

curl --unix-socket /var/lib/lxd/unix.socket \
    -H "Content-Type: application/json" \
    -X POST \
    -d @hello-ubuntu.json \


TCP requires some additional configuration and is not enabled by default.

lxc config set core.https_address "[::]:8443"
curl -k -L \
    --cert ~/.config/lxc/client.crt \
    --key ~/.config/lxc/client.key \
    -H "Content-Type: application/json" \
    -X POST \
    -d @hello-ubuntu.json \

JSON payload

The hello-ubuntu.json file referenced above could contain something like:

    "source": {
You can’t perform that action at this time.