Re: [Openstack] openstack libvirt lxc
On Tue, Aug 21, 2012 at 10:19:34AM +0800, 廖南海 wrote: Who use the lxc virtual machine? Please give me some advices? My advice would be not to use LXC since, as it exists today, it is not secure. ie root within the container can break out compromise the entire host. This is not really the fault of OpenStack, but rather the fact that the Linux kernel container support is still under development and does not provide all the pieces required to form a secure solution. Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] openstack libvirt lxc
On 08/21/2012 03:19 AM, 廖南海 wrote: Who use the lxc virtual machine? Please give me some advices? I encountered some problems. Thank you! Essex had some fundamental issues with LXC, that are addressed with: https://review.openstack.org/#/c/10962/ thanks, Pádraig. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] openstack libvirt lxc
On 08/21/2012 04:15 AM, Daniel P. Berrange wrote: On Tue, Aug 21, 2012 at 10:19:34AM +0800, 廖南海 wrote: Who use the lxc virtual machine? Please give me some advices? My advice would be not to use LXC since, as it exists today, it is not secure. ie root within the container can break out compromise the entire host. This is not really the fault of OpenStack, but rather the fact that the Linux kernel container support is still under development and does not provide all the pieces required to form a secure solution. Daniel This is all true, but depending on your environment and the level of trust you give to your users, this might not be an issuealso if you are testing on ARM server, this is all you have for now ;) -Robbie -- Robbie Williamson rob...@ubuntu.com robbiew[irc.freenode.net] Don't make me angry...you wouldn't like me when I'm angry. -Bruce Banner ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] openstack libvirt lxc
Who use the lxc virtual machine? Please give me some advices? I encountered some problems. Thank you! -- Never stop touch forever! ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
