On Thu, May 10, 2012 at 3:51 PM, Đỗ Hoàng Khiêm <dohoangkh...@gmail.com> wrote: > Yes, I think it needs a new process for each request serving. > > In overall, I have a web application, it receives the application scripts > and execution requests from clients then try to execute it on the server > side. So I think that each request is isolated and I want to try the ability > to execute these requests in a sandbox environment.
IMHO you need to define your requirements more. Then break it down to distinct components that each can be fulfilled by a software solution. Possibly study more about each components. If you simply want "an isolated environment for a web application", there are other ways to achieve this, which is more efficient than lxc. For example, if your web application uses php, simply using php-fpm plus its chroot feature, running as a a distinct normal user (i.e. not root, not the webserver user, and not the same as user for other web applications) should be sufficiently secure while still having the performance of a fcgi application. -- Fajar ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
