[lxc-devel] PAM-module for adhoc creation of container

"Axel Schöner" axel.schoener at gmx.de
Fri Sep 2 19:18:03 UTC 2011


Hello,

I need some feedback and suggestions for this project. If there are 
similar solutions please let me know.

I want to build a solution for creating and starting a container on user login 
(via ssh or shell). The user should be redirected into a container, as root, 
to a bash shell. I know there is a PAM module (pam-netns) for creating a network in 
a separate namespace when a user logs in. I think it should be possible to 
realize my goals based on this module.

I see the following options to implement this:
1. Using the LXC package and the corresponding command-line tools (lxc-create, 
lxc-destroy, lxc-execute...).
2. Working with the LXC library.

Which approach would be more liked by the LXC community?
1. Would avoid permanently patching the module when there is a new LXC version.
2. Would make it independent of the actual LXC version to avoid upgrading 
systems to problematic versions. More flexibility to manage the cgroups: 
multiple logins by a single user could be subgrouped to limit resources by 
user.


Possible usage scenarios:

Simple solution for educational practice:
1. Students/users can log in with their existing LDAP account and can work with 
a root account in a container. (login -> container creation, logout -> 
container destruction)
2. Same scenario, but with permanent storage to realize some projects.

Simple solution to offer containers for customers:
By creating a template for different types of container (limits) and grouping 
the users into different user groups, a PAM module can distinguish which template 
should be used for a specific container.
Based on this it should be possible to offer system containers or containers 
for services, like FTP, ssh, web server...
(For these scenarios, there would be some extra work to do: autostart after 
reboot, generate configurations for the users for fixed IPs...)

The advantages are:
No preparation time for creating instances (create guests, create accounts, 
set up the network...).
Only one Linux installation has to be prepared.
Only necessary instances run at a given time.


Possible solutions for the storage:
The storage for such a scenario could be realized with BTRFS or AUFS to 
minimize the needed space and make it easy to create and destroy the rootfs 
for the instances.


Thanks for replies.
Axel Schöner
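As an added illustration of option 1 (driving the command-line tools from PAM), here is a pam_exec session hook that is not part of the post and not LXC's own code. It assumes a hypothetical PAM line `session optional pam_exec.so /usr/local/sbin/lxc-login-session.sh` (pam_exec exports PAM_USER and PAM_TYPE), constructed group names (students, lxc-small, lxc-large, lxc-persistent), constructed template names, and a "login-" container name prefix. It covers both the login -> create / logout -> destroy lifecycle from the educational scenario and the template-per-user-group selection from the customer scenario; the persistent-storage variant is modelled as a group whose containers survive logout. With LXC_DRY_RUN=1 it prints the lxc commands instead of running them, which is also how the functions can be checked without root or a container host.

```shell
#!/bin/sh
# Prototype of option 1 (command-line tools) as a pam_exec session hook.
# Assumed PAM configuration line (hypothetical, not from the post):
#   session optional pam_exec.so /usr/local/sbin/lxc-login-session.sh
# pam_exec exports PAM_USER and PAM_TYPE (open_session / close_session).
# Group names, template names and the "login-" prefix below are constructed.

LXC_TEMPLATE_DEFAULT="debian"      # assumed fallback template name
LXC_DRY_RUN="${LXC_DRY_RUN:-0}"    # 1 = print the lxc commands instead of running them

# Run an lxc command, or in dry-run mode print it as one line.
run() {
    if [ "$LXC_DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# One container per login user. The user name is sanitised so that whatever
# the directory service hands us is safe as a container directory and cgroup name.
container_name() {
    printf 'login-%s\n' "$(printf '%s' "$1" | tr -c 'a-zA-Z0-9_-' '_')"
}

# Pick the lxc template from the user's group list (space separated).
# The first matching case wins, so the larger resource class is listed first.
template_for() {
    grp_list=" $1 "
    case "$grp_list" in
        *" lxc-large "*) echo "customer-large" ;;
        *" lxc-small "*) echo "customer-small" ;;
        *" students "*)  echo "student" ;;
        *)               echo "$LXC_TEMPLATE_DEFAULT" ;;
    esac
}

# Returns 0 when the user's rootfs must survive logout (project scenario).
is_persistent() {
    case " $1 " in
        *" lxc-persistent "*) return 0 ;;
        *)                    return 1 ;;
    esac
}

# Login: create the container from the template chosen by group membership.
session_open() {
    name="$(container_name "$1")"
    run lxc-create -n "$name" -t "$(template_for "$2")"
}

# Logout: destroy the container unless the user is in the persistent group.
session_close() {
    name="$(container_name "$1")"
    if is_persistent "$2"; then
        return 0
    fi
    run lxc-destroy -n "$name"
}

# Intended as the user's login shell: start the container with bash as its
# init process, so the user ends up as root inside it.
enter_container() {
    run lxc-execute -n "$(container_name "$1")" -- /bin/bash
}

main() {
    user="${PAM_USER:?must be run from pam_exec}"
    grp_list="$(id -Gn "$user" 2>/dev/null || true)"
    case "${PAM_TYPE:-}" in
        open_session)  session_open "$user" "$grp_list" ;;
        close_session) session_close "$user" "$grp_list" ;;
        *) echo "lxc-login-session: unsupported PAM_TYPE '${PAM_TYPE:-}'" >&2; return 1 ;;
    esac
}

# Only dispatch when invoked by pam_exec; sourcing the file just defines the functions.
if [ -n "${PAM_TYPE:-}" ]; then
    main
fi
```

Two properties of this sketch matter for the design discussion in the post. The container name is derived only from a sanitised user name, so a crafted account name coming from LDAP cannot become a path component outside the LXC directory. And because the name is per user rather than per session, a second concurrent login by the same user would collide on lxc-create and the first logout would destroy the container under the other session; giving each login its own container while still capping the user's total resources is exactly the cgroup subgrouping the post attributes to the library approach, which the command-line tools of the time do not express.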



