LXC containers share the host kernel, start in 1–3 seconds, and consume far fewer resources than KVM VMs while providing sufficient isolation for most workloads.
Creating a Container
pveam update
pveam download local debian-12-standard_12.7-1_amd64.tar.zst
pct create 200 local:vztmpl/debian-12-standard_12.7-1_amd64.tar.zst --hostname mycontainer --rootfs local-lvm:8 --memory 512 --cores 1 --net0 name=eth0,bridge=vmbr0,ip=dhcp --unprivileged 1 --onboot 1
pct start 200
pct enter 200
Always use --unprivileged 1 for secure isolation. Use features: keyctl=1,nesting=1 in the LXC config to run Docker inside containers.
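As an added example (not part of the original page), this script audits container configs for the two settings above: whether each container is unprivileged and whether the Docker features are enabled. It assumes Proxmox's usual layout, /etc/pve/lxc/<vmid>.conf with "key: value" lines and snapshot sections opened by a "[name]" line; the function names and sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit LXC container configs for privilege and Docker features.
# Assumption: configs are "key: value" files named <vmid>.conf; a line starting
# with "[" opens a snapshot/pending section that must not be read as live config.

# Print one verdict line for a single config file.
audit_lxc_conf() {
    vmid=$(basename "$1" .conf)
    awk -v vmid="$vmid" '
        /^\[/ { exit }                                  # only the live section counts
        /^unprivileged:[ \t]*1[ \t]*$/ { unpriv = 1 }   # absent key means privileged
        /^features:/ {
            f = $0
            sub(/^features:[ \t]*/, "", f)
            gsub(/[ \t]/, "", f)
            f = "," f ","                               # exact-match on list items
        }
        END {
            docker = (index(f, ",nesting=1,") && index(f, ",keyctl=1,")) ? "yes" : "no"
            print vmid, (unpriv ? "unprivileged" : "PRIVILEGED"), "docker-features=" docker
        }' "$1"
}

# Audit every *.conf in a directory; return 1 if any container is privileged.
audit_lxc_dir() {
    rc=0
    for conf in "$1"/*.conf; do
        [ -f "$conf" ] || continue
        line=$(audit_lxc_conf "$conf")
        echo "$line"
        case $line in *PRIVILEGED*) rc=1 ;; esac
    done
    return $rc
}

# Demo on constructed sample configs (on a real host: audit_lxc_dir /etc/pve/lxc).
demo=$(mktemp -d)
printf 'arch: amd64\nhostname: mycontainer\nfeatures: keyctl=1,nesting=1\nunprivileged: 1\n' > "$demo/200.conf"
# 201 is privileged now; "unprivileged: 1" appears only inside an old snapshot section.
printf 'arch: amd64\nhostname: legacy\n[snap1]\nunprivileged: 1\n' > "$demo/201.conf"
audit_lxc_dir "$demo" || echo "privileged container(s) found"
rm -rf "$demo"
```

The non-zero exit status from audit_lxc_dir makes the check usable in a cron job or CI gate.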