[Lxc-users] How much LXC is secure?
Serge Hallyn
serge.hallyn at ubuntu.com
Mon Nov 11 21:50:38 UTC 2013

Quoting Tamas Papp (tompos at martos.bme.hu):
>
> On 11/11/2013 10:23 PM, Serge Hallyn wrote:
> > You can get the support either from ppa:ubuntu-lxc/kernel, or by
> > installing the trusty kernel. The trusty kernel has had some issues
> > until last week (including upstream bugs), but I think it should be
> > usable now.
>
>
> I probably will wait until the release of Trusty or even more.
> Both for safety and zfs support.
>
> But I'm happy to read that you guys are working on the support of this
> important part of the concept.
>
> tamas
>
> ps.: A couple of months or years(?) ago there was a patch that was
> submitted upstream, which made it possible to limit the number of
> processes in containers (against forkbombs). Is there any news about it?

Last I knew that was (inappropriately, IMO) nacked.

Currently there is the kernel memory cgroup control, but I think we need
more fine-grained controls, including nrtasks and nrmounts.

-serge