Is it 100% secure by default without access to host network and file system? Can I run it with a normal user with root privileges?
I'm trying to follow the man page but there are some things which are not clear. What levels are available for level=LEVEL in SECURITY-OPTIONS? When it says that the contents of host and guest folders are indistinguishable, does it means that I can edit host files from the guest when setting -B? http://rpm.pbone.net/index.php3/stat/45/idpl/19820275/numer/1/nazwa/virt-sandbox On Mon, Jan 28, 2013 at 4:44 PM, Daniel P. Berrange <berra...@redhat.com>wrote: > On Mon, Jan 28, 2013 at 04:38:13PM +0200, pablo platt wrote: > > I'm considering using virt-sandbox with lxc to sandbox and execute > > untrusted code like python scripts and compiled C code. > > Is it possible to limit CPU and Memory like is possible with lxc-execute > > and a config file? > > At this time, we've not wired up resource limits via the libvirt sandbox > package. Currently the focus has been on securing the containers to prevent > them doing bad things to the host. Resource constraints as a todo item. > > > What's the difference between lxc-execute and libvirt-sandbox? > > LXC execute is a standalone tool from the LXC sf.net project which > has nothing todo with libvirt. libvirt-sandbox is a sandbox technology > built ontop of libvirt, which is able to create sandboxes across various > virtualization technologies, currently LXC, KVM and QEMU. > > Daniel > -- > |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/:| > |: http://libvirt.org -o- http://virt-manager.org:| > |: http://autobuild.org -o- http://search.cpan.org/~danberr/:| > |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc:| >
_______________________________________________ libvirt-users mailing list libvirt-users@redhat.com https://www.redhat.com/mailman/listinfo/libvirt-users
