On Thu, May 10, 2012 at 8:19 PM, Đỗ Hoàng Khiêm <dohoangkh...@gmail.com> wrote:
> Thanks Fajar,
>
> I admit that something is not really clear in my description, but it seems
> that you misunderstood what I mean.
> My web application is just an entry point to receive applications (in fact,
> script code) and execution requests; the web application doesn't need to run
> inside an isolated environment, but the user application (code, for example
> a Python script) which a client submits to my system needs it. Each Python
> script will be executed in an isolated environment, independently of each
> other or my main web application.

That makes more sense.

> And LXC is probably what I need to achieve
> that goal?
>
> Does it make sense?

Possibly.

I actually think you'd probably need something similar to Ubuntu's
build farm. To achieve the best isolation and security, you can create a
fresh environment (either using an lxc template script, or using a
tar/filesystem/snapshot template) for each submitted script, and then
run it. I'd say ignore lxc-execute, it's too much hassle to get to
work properly for now. Instead, you could make sure that the script is
started automatically (e.g. put in rc.local), and start the container
normally with lxc-start. After it has finished running, destroy the
container completely.

Of course that's just one option, not the ONLY option.

-- 
Fajar
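
The lifecycle described in the reply above (fresh container per script, started from rc.local, destroyed afterwards), as an added sketch that is not part of the original thread. The function names, the `/var/lib/lxc` path, the `ubuntu` template, the `nobody` user, a `python` binary inside the container and `poweroff` stopping the container are all assumptions.

```shell
#!/bin/sh
# Added example: one throwaway container per submitted script.
LXC_PATH=${LXC_PATH:-/var/lib/lxc}   # assumed default container directory
TEMPLATE=${TEMPLATE:-ubuntu}         # assumed template name
LIMIT=${LIMIT:-120}                  # assumed wall-clock limit in seconds

# Map a job id to a container name; reject anything that could escape
# LXC_PATH or be read as an option by the lxc-* commands.
container_name() {
    case "$1" in
        ''|*[!A-Za-z0-9]*) return 1 ;;
    esac
    printf 'job-%s\n' "$1"
}

# Copy the submitted script into a rootfs and make rc.local run it once as
# the unprivileged user "nobody", then halt. /srv/job stays root-owned, so
# the job cannot replace output.log with a link before the host reads it.
stage_script() {   # stage_script ROOTFS SCRIPT
    rootfs=$1; script=$2
    [ -d "$rootfs/etc" ] && [ -f "$script" ] || return 1
    mkdir -p "$rootfs/srv/job" || return 1
    cp -- "$script" "$rootfs/srv/job/run.py" || return 1
    chmod 0444 "$rootfs/srv/job/run.py"
    cat > "$rootfs/etc/rc.local" <<'EOF'
#!/bin/sh
su -s /bin/sh -c 'python /srv/job/run.py' nobody > /srv/job/output.log 2>&1
poweroff
EOF
    chmod 0755 "$rootfs/etc/rc.local"
}

# Full lifecycle: create, stage, start, wait, collect output, destroy.
run_job() {        # run_job JOB_ID SCRIPT OUTPUT_FILE
    name=$(container_name "$1") || return 2
    lxc-create -n "$name" -t "$TEMPLATE" || return 3
    rc=0
    if stage_script "$LXC_PATH/$name/rootfs" "$2"; then
        lxc-start -n "$name" -d &&
            { timeout "$LIMIT" lxc-wait -n "$name" -s STOPPED || lxc-stop -n "$name"; }
        cp -- "$LXC_PATH/$name/rootfs/srv/job/output.log" "$3" 2>/dev/null || rc=4
    else
        rc=4
    fi
    lxc-destroy -n "$name"   # always discard the container, even on failure
    return "$rc"
}
```

`run_job` needs root on the host and a working LXC installation; `container_name` and `stage_script` can be exercised against a scratch directory without one.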

_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
