LXC Containers: Difference between revisions

From wikinotes
 
Revision as of 00:38, 6 August 2021

LXC containers allow you to start VMs that share the currently running kernel, similar to BSD's jails. HOWEVER, unlike jails, if you have root access to an LXC container, you have root access to the host machine.

Locations

Resources
  /usr/share/lxc/templates              lxc setup templates for various distros
Containers
  /var/lib/lxc/CONTAINER_NAME           container location
  /var/lib/lxc/CONTAINER_NAME/config    container config
  /var/lib/lxc/CONTAINER_NAME/rootfs    container filesystem

Install

sudo pacman -S lxc arch-install-scripts bridge-utils
packer -S yum                       #if using centos containers
packer -S debootstrap               #if using debian containers

Usage

lxc-create -n NAME -t TEMPLATE       # create container

lxc-ls                               # list containers
lxc-ls --active                      # list running containers

lxc-start -n NAME                    # start container
lxc-start -n NAME -d                 # start container in background
lxc-attach -n NAME                   # start shell in container running in background

Network Setup

# the Arch lxc scripts expect a network bridge ('br0').
# Rather than creating several bridges for several OSs, we'll create
# a single bridge and use that as the gateway for the containers

#### /etc/netctl/lxcbridge
Description="LXC Bridge"
Interface=br0
Connection=bridge
BindsToInterfaces=(eth0)    ## !!!! I've had a very difficult time with this; if it's not working, try removing the interface it binds to.
IP=static
Address=10.0.0.1/24
SkipForwardingDelay=yes
####

su
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables-save > /etc/iptables/iptables.rules

sudo netctl reenable lxcbridge      #load config (reenable is necessary for config changes)
sudo netctl start lxcbridge         #(re)start lxcbridge
ifconfig br0                        #check br0 status

ip addr                             #check available interfaces

su                                  #su is necessary for saving iptables. Cannot be sudo
systemctl enable iptables           #enable iptables rule-loading on boot
iptables -t nat -A POSTROUTING -s 10.0.0.100 -o wlp3s0  -j MASQUERADE   #allow a specific ip address access to the external internet
iptables -t nat -A POSTROUTING -s 10.0.0.100 -o enp0s25 -j MASQUERADE   #you'll want to do this for each interface on the host that will
                                                                        #be connecting to the internet. These are just firewall rules;
                                                                        #all of the binding is done with the bridge.
iptables -t nat --list              #confirm that both of your iptables rules are shown
iptables-save > /etc/iptables/iptables.rules

#### /etc/sysctl.d/40-ip-forward.conf
net.ipv4.ip_forward=1               # Allow IP forwarding (persistent, applied at boot)
####
sudo sysctl net.ipv4.ip_forward=1   # Allow IP forwarding in the current session

Create Container

lxc-checkconfig                     #check kernel capabilities (User namespace should be the only thing missing)
ls /usr/share/lxc/templates         #view available templates. Don't use the 'lxc-' prefix when creating
sudo lxc-create -n mayadb -t centos #create the container
sudo systemctl enable lxc@mayadb.service    #start container on boot

#### /var/lib/lxc/mayadb/config
lxc.network.type=veth
lxc.network.link=br0
lxc.network.ipv4=10.0.0.100         #choose an IP for the container (on the br0 subnet)
lxc.network.ipv4.gateway=10.0.0.1   #the bridge's address is the gateway
lxc.network.flags=up
lxc.network.name=eth0
lxc.network.mtu=1500
####

iptables -t nat -A POSTROUTING -s 10.0.0.100 -o wlp3s0 -j MASQUERADE   #allow this container's IP out to the internet via the
                                                                         #uplink interface (repeat for each uplink interface, as above)
iptables-save > /etc/iptables/iptables.rules                           #persist the rule

lxc-start   -n mayadb               #start container
    OR
lxc-start   -n mayadb -d            #start container in background
lxc-console -n mayadb               #get a TTY from the container

login as root
chroot /var/lib/lxc/mayadb/rootfs; passwd   #reset root password from outside the jail
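Added example (my own script, not from this wiki page): a POSIX sh audit of container config files in the format shown above. It flags containers with no user-namespace id map as privileged, which is exactly the "root in the container is root on the host" caveat from the introduction, and checks that the container's address and gateway agree with the br0 bridge (10.0.0.1/24). The two sample configs are constructed for the demonstration; nothing is applied to the host.

```shell
# Added example (not from the wiki page): audit an LXC config in the format shown
# above. Reports whether the container is privileged (no user-namespace id map, so
# root inside is root on the host) and checks its IPv4 settings against the br0
# bridge (10.0.0.1/24) configured above. Nothing is applied; no root needed.

# Print "privileged" or "unprivileged" for config file $1. LXC 1.x spells the
# key lxc.id_map, LXC 3+ lxc.idmap. Only this file is inspected, not lxc.include'd ones.
lxc_privilege_mode() {
    if grep -Eq '^[[:space:]]*lxc\.id_?map[[:space:]]*=' "$1"; then
        echo unprivileged
    else
        echo privileged
    fi
}

# Value of key $2 (sed-escaped) in config $1, first match, inline comment stripped.
lxc_conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" \
        | sed 's/[[:space:]]*#.*//' | head -n 1
}

# Address must be in 10.0.0.0/24 but not the bridge's own 10.0.0.1, and the
# gateway must be the bridge. Prints "ok" or the problem found.
lxc_net_check() {
    addr=$(lxc_conf_get "$1" 'lxc\.network\.ipv4')
    gw=$(lxc_conf_get "$1" 'lxc\.network\.ipv4\.gateway')
    case "$addr" in
        10.0.0.1|10.0.0.1/*) echo "address $addr collides with the bridge"; return 1 ;;
        10.0.0.*) ;;
        *) echo "address '$addr' not in 10.0.0.0/24"; return 1 ;;
    esac
    [ "$gw" = 10.0.0.1 ] || { echo "gateway '$gw' is not the bridge"; return 1; }
    echo ok
}

# Constructed sample configs (hypothetical): one matching the mayadb config above,
# one unprivileged container that was put on the wrong subnet.
LXC_AUDIT_DIR=$(mktemp -d)
cat > "$LXC_AUDIT_DIR/mayadb.config" <<'EOF'
lxc.network.ipv4=10.0.0.100    #choose an IP for Container
lxc.network.ipv4.gateway=10.0.0.1
EOF
cat > "$LXC_AUDIT_DIR/other.config" <<'EOF'
lxc.idmap = u 0 100000 65536
lxc.network.ipv4=192.168.1.5
lxc.network.ipv4.gateway=10.0.0.1
EOF
for f in "$LXC_AUDIT_DIR"/*.config; do
    echo "$(basename "$f"): $(lxc_privilege_mode "$f"), network: $(lxc_net_check "$f")"
done
```

Point it at /var/lib/lxc/*/config on a real host to see which containers would hand host root to anyone who gets root inside them.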