I'm writing a web application that runs untrusted user code (Python scripts uploaded as strings through a web form) and I'm trying to understand whether LXC is the right tool for the job:

- I need to prevent user code from tampering with the server on which it's running. Mostly I want to isolate the user code within some filesystem, and restrict access to network ports and a few other system resources.
- Latency is very important to me. I want to receive some user code, do whatever setup is required, run the code, and do whatever teardown is required, all within ~100ms.
- I do _not_ need to support different operating systems. In fact, ideally I would like to have the Python interpreter and the whole Python environment live on the host OS, not within the container. I would (ideally) launch the Python interpreter in the host OS and then isolate it within an LXC container before running the user code. Or something like this.

I understand that what I'm trying to do is not exactly a typical containerization scenario. Is LXC a good fit for me? Can you suggest how I could use LXC to achieve the above?

Thanks!
Alex
_______________________________________________
lxc-users mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-users
