Thanks Fajar,<br><br>I admit that something is not really clear in my description, but it seems that you misunderstood what I mean. <br>My web application is just an entry point to receive applications (in fact, script code) and execution requests; the web application doesn't need to run inside an isolated environment, but the user application (code, for example a Python script) which clients submit to my system needs it. Each Python script will be executed in an isolated environment, independently of each other or my main web application. And LXC is probably what I need to achieve that goal?<br>
<br>Does it make sense? <br><br><div class="gmail_quote">On Thu, May 10, 2012 at 4:24 PM, Fajar A. Nugraha <span dir="ltr">&lt;<a href="mailto:list@fajar.net" target="_blank">list@fajar.net</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im">On Thu, May 10, 2012 at 3:51 PM, Đỗ Hoàng Khiêm &lt;<a href="mailto:dohoangkhiem@gmail.com">dohoangkhiem@gmail.com</a>&gt; wrote:<br>
> Yes, I think it needs a new process for each request serving.<br>
><br>
> Overall, I have a web application; it receives the application scripts<br>
> and execution requests from clients, then tries to execute them on the server<br>
> side. So I think that each request is isolated and I want to try the ability<br>
> to execute these requests in a sandbox environment.<br>
<br>
</div>IMHO you need to define your requirements more. Then break it down to<br>
distinct components that each can be fulfilled by a software solution.<br>
Possibly study more about each component.<br>
<br>
If you simply want "an isolated environment for a web application",<br>
there are other ways to achieve this, which are more efficient than<br>
lxc. For example, if your web application uses php, simply using<br>
php-fpm plus its chroot feature, running as a distinct normal user<br>
(i.e. not root, not the webserver user, and not the same as user for<br>
other web applications) should be sufficiently secure while still<br>
having the performance of a fcgi application.<br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
Fajar<br>
</font></span></blockquote></div><br>
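Added example, not part of the original thread: a small Python check that reads php-fpm pool definitions and flags pools that miss the conditions listed in the quoted reply (chroot set; user not root, not the webserver user, not shared with another pool). The pool names, paths and the <code>www-data</code> webserver account are constructed assumptions.

```python
import configparser

# Constructed sample pool definitions for illustration; not from the thread.
SAMPLE_POOLS = """
[shop]
user = shop
group = shop
chroot = /srv/www/shop
listen = /run/php-fpm/shop.sock

[blog]
user = www-data
group = www-data
listen = /run/php-fpm/blog.sock

[wiki]
user = shop
group = shop
chroot = /srv/www/wiki
listen = /run/php-fpm/wiki.sock
"""

def audit_pools(text, webserver_user="www-data"):
    """Return {pool: [issues]} for pools that break one of the rules above."""
    # php-fpm pool files are INI-like; disable interpolation so '%' is literal.
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(text)
    pools = [s for s in cfg.sections() if s != "global"]
    users = {p: cfg.get(p, "user", fallback="").strip() for p in pools}
    report = {}
    for pool in pools:
        user, issues = users[pool], []
        if not cfg.get(pool, "chroot", fallback="").strip():
            issues.append("no chroot")
        if user in ("", "root"):
            issues.append("runs as root or has no user set")
        elif user == webserver_user:  # assumed webserver account name
            issues.append("runs as the webserver user")
        shared = sorted(p for p in pools if p != pool and users[p] == user)
        if user and shared:
            issues.append("shares its user with " + ", ".join(shared))
        if issues:
            report[pool] = issues
    return report

if __name__ == "__main__":
    for pool, issues in audit_pools(SAMPLE_POOLS).items():
        print(f"{pool}: {'; '.join(issues)}")
```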