title: Linux Containers created at: Mon Nov 25 2024 08:00:17 GMT+0000 (Coordinated Universal Time) updated at: Sat Feb 08 2025 14:22:50 GMT+0000 (Coordinated Universal Time) --- # Linux Containers # Overview !! Warning: !! WebPros International, LLC recommends that **only** experienced system administrators attempt to perform the steps in this document. WebPros International, LLC is **not** responsible for any data loss that an attempt to perform these steps causes. WebPros International, LLC supports the use of cPanel & WHM inside of a Linux Container (LXC). An LXC container provides an environment that resembles a standard Linux installation, but does **not** require a separate kernel. For more information about LXC containers, read the [Linux Containers](https://linuxcontainers.org/) documentation. # Run in a Linux Container To run cPanel & WHM inside an LXC container, we **strongly** recommend that you use the following settings: ## Host We **strongly** recommend that you use Red Hat Enterprise Linux (RHEL) 7 or CentOS 7 as your server’s LXC host. This configuration ensures the best compatibility with cPanel & WHM. While other Linux distributions may work, they require that the system administrator perform additional steps that we do **not** support. !! Warning: !! We have **not** tested LXC on [CloudLinux 8 or higher](https://docs.cpanel.net/installation-guide/system-requirements-cloudlinux/) , [AlmaLinux OS](https://docs.cpanel.net/installation-guide/system-requirements-almalinux/) , or [Rocky Linux](https://docs.cpanel.net/installation-guide/system-requirements-rockylinux/) servers. ## Guest A CentOS 7 or an RHEL 7 installation require additional steps to use as a guest. ## Privileged vs unprivileged containers cPanel & WHM functions in both privileged and unprivileged containers. We **strongly** recommend that you run cPanel & WHM in a privileged container, because it expects unrestricted access to the system. The following limitations are inherent to an unprivileged container: * The host operating system treats the `root` user as a non-`root` user. * You **cannot** raise the hard limit of a process if you previously lowered it. This action could cause EasyApache 4 to fail. * Subtle behavior differences may occur. ## Required changes for CentOS 7 or RHEL 7 You **must** make the following configuration changes to run cPanel & WHM inside an LXC container: 1. After you create the LXC container, change the `lxc.include` line in the `lxc.conf` file to the following line: ```javascript lxc.include = /usr/share/lxc/config/fedora.common.conf ``` 1. 2. Edit the `lxc.conf` file to drop `setfcap` and `setpcap` capabilities. To do this, comment out the following lines: ```javascript # lxc.cap.drop = setpcap # lxc.cap.drop = setfcap ``` !! Note: !! Some system configurations will **not** run properly with cron inside an LXC container. Individual cron jobs fail to execute even though the cron daemon is active. This issue is a direct result of the incompatibility between the container environment and the `pam_loginuid` module. !! To resolve this conflict, disable the `pam_loginuid` module for cron with the following comment in the `/etc/pam.d/crond` directory: !! `#` !! `# The PAM configuration file for the cron daemon` !! `#` !! `#` !! `# No PAM authentication called, auth modules not needed` !! `account required pam_access.so` !! `account include password-auth` !! `#session required pam_loginuid.so` !! `session include password-auth` !! `auth include password-auth` !! Updates to your cron package may cause the service to reactivate. Inspect this file for changes after each system update. ### AppArmor If your system uses [AppArmor](https://ubuntu.com/server/docs/security-apparmor) , you **must** also uncomment the following line in the `lxc.conf` file: AppArmor version 2.0 and earlier ```bash lxc.aa_profile = unconfined ``` AppArmor version 2.1 and later ```bash lxc.apparmor.profile = unconfined ```