<div dir="ltr"><div>LXC is already stable and tested. But since most lxc features requires modern kernel, till recently it was hard to setup newer lxc.</div><div> </div>I have run zones and openvz in past, im using LXC at staging/testing environments (this is more due to the fact that we are on older kernel in production). Heroku, one of the most popular PaaS provider, runs lxc to power ruby on rails and lot other stuff. PaaS and any CI services (like travis) that executes arbitrary code are perfectly suitable for containers. But securing them was bit difficult , and generally tackled on the app/tooling side (like run ruby with safe level, or dont expose containers as VMs etc). With 3.11+ kernel you can run lxc as normal users, which will further the tooling required. Also with ubuntu 14.04 , getting new lxc is as simple as any other package.<div>
Theoretically you can kill a host by a rouge container, (like if a container is running in privileged mode, or without proper cgroup settings) but that risk is exactly same as running any other process and your mitigation strategy should be same. If you are exposing container as a vm where end users will be given root access, you have to do the highest amount of work, while if all you are doing is putting a known software (like your own app code) inside a container and expose the service (haproxy, nginx even raw iptables) it should relatively easy.</div>
<div><br></div><div>hope this help,</div><div>ranjib</div><div><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Sun, Jul 13, 2014 at 8:37 AM, Martín Cigorraga <span dir="ltr"><<a href="mailto:martincigorraga@gmail.com" target="_blank">martincigorraga@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Good day,<div><br></div><div>Oracle... when not!</div><div>I'm a newbie to LxC too, I've been running it on my home and office for about a 4 months now and I can only say it rocks.</div>
<div>Of course one important thing - and may be the most important at all [0] - is that the kernels you run inside the containers SUPPORTS cgroups and the other technologies required by LxC.</div>
<div>Said that, for the sake of usability I just switched to Doker+LxC a few days ago and I love it, for me Docker act as the perfect front-end to the excellent LxC.</div><div><br></div><div>Cheers!</div><div><br></div><div>
[0] Knowledgeable people please step in to clarify this point!</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Sat, Jul 12, 2014 at 2:41 PM, AT <span dir="ltr"><<a href="mailto:unixlist-lxc@yahoo.com" target="_blank">unixlist-lxc@yahoo.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div style="color:#000;background-color:#fff;font-family:HelveticaNeue-Light,Helvetica Neue Light,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif;font-size:10pt">
<div><span>Hi everyone,</span></div><div style="color:rgb(0,0,0);font-size:13.3333px;font-family:HelveticaNeue-Light,Helvetica Neue Light,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif;background-color:transparent;font-style:normal">
<br><span></span></div><div style="color:rgb(0,0,0);font-size:13.3333px;font-family:HelveticaNeue-Light,Helvetica Neue Light,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif;background-color:transparent;font-style:normal">
<span>I am VERY new to the LXC tools, though not to similar technologies such as Solaris Zones, or FreeBSD jails. <br></span></div><div style="color:rgb(0,0,0);font-size:13.3333px;font-family:HelveticaNeue-Light,Helvetica Neue Light,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif;background-color:transparent;font-style:normal">
<span><br></span></div><div style="color:rgb(0,0,0);font-size:13.3333px;font-family:HelveticaNeue-Light,Helvetica Neue Light,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif;background-color:transparent;font-style:normal">
<span>Being new to LXC, I have been reading up on various posts around the web: s</span><span>ome time back I read an Oracle blog stating that combining different versions of Linux distributions, in different containers, can crash the kernel, if one of the containers experiences a crash. <a href="https://blogs.oracle.com/OTNGarage/entry/linux_containers_part_1_overview" target="_blank">Linux-Containers — Part 1: Overview (OTN Garage)</a></span></div>
<div style="color:rgb(0,0,0);font-size:13.3333px;font-family:HelveticaNeue-Light,Helvetica Neue Light,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif;background-color:transparent;font-style:normal"><span><br></span></div>
<div style="color:rgb(0,0,0);font-size:13.3333px;font-family:HelveticaNeue-Light,Helvetica Neue Light,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif;background-color:transparent;font-style:normal"><span>This posting is from 2013, but can anyone talk about stability of LXC in general? I by no means want to start a war etc., but technologies such as FreeBSD Jails or Solaris Zones are pretty well-understood, and have been in use for many years in real production settings. Generally, it is agreed (at least in theory and I've never heard cases stating otherwise) that any Jail or Zone which crashes will not bring down the
host-OS. <br></span></div><div style="color:rgb(0,0,0);font-size:13.3333px;font-family:HelveticaNeue-Light,Helvetica Neue Light,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif;background-color:transparent;font-style:normal">
<span><br></span></div><div style="color:rgb(0,0,0);font-size:13.3333px;font-family:HelveticaNeue-Light,Helvetica Neue Light,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif;background-color:transparent;font-style:normal">
<span> Apologies in advance if I just need to be pointed to previous mailing list discussions, any info appreciated. I just joined the list a few days ago, and this is my first post. <br></span></div><div style="color:rgb(0,0,0);font-size:13.3333px;font-family:HelveticaNeue-Light,Helvetica Neue Light,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif;background-color:transparent;font-style:normal">
<br><span></span></div><div style="color:rgb(0,0,0);font-size:13.3333px;font-family:HelveticaNeue-Light,Helvetica Neue Light,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif;background-color:transparent;font-style:normal">
<span><br></span></div><div style="width:450px;font-family:'Georgia','Times','Times New Roman','serif';margin-top:5px;margin-bottom:5px"><table style="width:450px;height:170px;display:block" cellpadding="0" cellspacing="0" border="0">
<tbody><tr><td colspan="8" style="height:1px;background-color:#e5e5e5;font-size:1px;border-collapse:collapse"><div style="min-height:1px;background-color:#e5e5e5;font-size:1px;line-height:0px"> </div></td></tr><tr><td rowspan="5" style="width:1px;background-color:#e5e5e5;font-size:1pt;border-collapse:collapse">
<div style="width:1px;background-color:#e5e5e5;font-size:1pt"> </div></td><td rowspan="5" style="vertical-align:middle;width:168px;height:168px;background-color:#000000;border-collapse:collapse"><div style="width:168px" align="center">
<a href="https://blogs.oracle.com/OTNGarage/entry/linux_containers_part_1_overview" style="text-decoration:none!important;color:#000000!important" target="_blank"><img alt="image" src="https://blogs.oracle.com/OTNGarage/resource/Phil-Parker-Containers-5987288907.jpg" style="display:block;margin:auto" height="95" width="168"></a></div>
</td><td rowspan="5" style="width:1px;background-color:#e5e5e5;font-size:0pt;border-collapse:collapse"><div style="width:1px;background-color:#e5e5e5;font-size:1pt"> </div></td><td rowspan="5" style="width:14px;background-color:#ffffff;font-size:0pt;border-collapse:collapse">
<div style="width:14px;background-color:#ffffff;font-size:14pt"> </div></td><td colspan="2" style="height:6px;background-color:#ffffff;font-size:0pt;border-collapse:collapse"><div style="min-height:6px;background-color:#ffffff;font-size:6pt">
</div></td><td rowspan="5" style="width:20px;background-color:#ffffff;font-size:0pt;border-collapse:collapse"><div style="width:20px;background-color:#ffffff;font-size:20pt"> </div></td><td rowspan="5" style="width:1px;background-color:#e5e5e5;font-size:1pt;border-collapse:collapse" width="1">
<div style="width:1px;background-color:#e5e5e5;font-size:1pt"> </div></td></tr><tr><td colspan="2" style="width:100%;vertical-align:middle;font-family:'Georgia','Times','Times New Roman','serif'">
<div style="line-height:16.5px;background-color:#ffffff;min-height:135px;width:245px"><div style="word-wrap:break-word;word-break:break-all"><span></span><span></span><a href="https://blogs.oracle.com/OTNGarage/entry/linux_containers_part_1_overview" style="text-decoration:none!important;color:#000000!important;line-height:100%;font-size:18px;display:block" target="_blank"><span style="margin:0;font-weight:normal;margin-bottom:3px;font-size:18px;line-height:21px;max-height:43px;color:#000000;overflow:hidden!important;display:inline-block">Linux-Containers — Part 1: Overview (OTN Garage)</span></a><div style="font-size:13px;line-height:20px;color:#999999;max-height:81px;font-family:'Georgia','Times','Times New Roman','serif';overflow:hidden">
<a href="http://Blogs.Oracle.Com" target="_blank">Blogs.Oracle.Com</a> - OTN
Garage</div></div></div></td></tr><tr><td colspan="2" style="height:4px;background-color:#ffffff;font-size:0pt;border-collapse:collapse"><div style="min-height:4px;background-color:#ffffff;font-size:4pt"></div></td></tr>
<tr><td style="vertical-align:middle;font-family:'Arial','Helvetica Neue','Helvetica','sans-serif'"><div style="font-size:0pt"><a href="https://blogs.oracle.com/OTNGarage/entry/linux_containers_part_1_overview" style="color:black;text-decoration:none!important" target="_blank"><span style="display:inline-block;line-height:11px;max-width:145px;min-width:85px;overflow:hidden;max-height:13px;word-break:break-all"><span style="vertical-align:middle;font-size:9px;line-height:11px;color:#999999">View on <span style="font-weight:bold">blogs.oracle.com</span></span></span></a></div>
</td><td style="vertical-align:middle;width:100px;font-family:'Arial','Helvetica Neue','Helvetica','sans-serif'"><div style="max-width:100px;min-width:80px;overflow:hidden;text-align:right;line-height:11px;max-height:13px;font-size:0pt">
<span style="vertical-align:middle;font-size:9px;line-height:11px;color:#999999">Preview by Yahoo</span></div></td></tr><tr><td colspan="2" style="height:9px;background-color:#ffffff;font-size:0pt;border-collapse:collapse">
<div style="min-height:9px;background-color:#ffffff;font-size:9pt"></div></td></tr><tr><td colspan="8" style="height:1px;background-color:#e5e5e5;font-size:1px;border-collapse:collapse"><div style="min-height:1px;background-color:#e5e5e5;font-size:1px;line-height:0px">
</div></td></tr></tbody></table></div><div><br></div><div><br></div></div></div><br>_______________________________________________<br>
lxc-users mailing list<br>
<a href="mailto:lxc-users@lists.linuxcontainers.org" target="_blank">lxc-users@lists.linuxcontainers.org</a><br>
<a href="http://lists.linuxcontainers.org/listinfo/lxc-users" target="_blank">http://lists.linuxcontainers.org/listinfo/lxc-users</a><span class="HOEnZb"><font color="#888888"><br></font></span></blockquote></div><span class="HOEnZb"><font color="#888888"><br>
<br clear="all"><div><br></div>-- <br><div dir="ltr">-Martin</div>
</font></span></div>
<br>_______________________________________________<br>
lxc-users mailing list<br>
<a href="mailto:lxc-users@lists.linuxcontainers.org">lxc-users@lists.linuxcontainers.org</a><br>
<a href="http://lists.linuxcontainers.org/listinfo/lxc-users" target="_blank">http://lists.linuxcontainers.org/listinfo/lxc-users</a><br></blockquote></div><br></div>