[Lxc-users] How much LXC is secure?

Serge Hallyn serge.hallyn at ubuntu.com
Mon Nov 11 21:50:38 UTC 2013


Quoting Tamas Papp (tompos at martos.bme.hu):
> 
> On 11/11/2013 10:23 PM, Serge Hallyn wrote:
> > You can get the support either from ppa:ubuntu-lxc/kernel, or by
> > installing the trusty kernel.  The trusty kernel has had some issues
> > until last week (including upstream bugs), but I think it should be
> > usable now.
> 
> 
> I probably will wait until the release of Trusty or even more.
> Both for safety and zfs support.
> 
> But I'm happy to read that you guys are working on the support of this
> important part of the concept.
> 
> tamas
> 
> ps.: A couple of months or years(?) ago there was a patch that was
> submitted upstream, which made it possible to limit the number of
> processes in containers (against forkbombs). Is there any news about it?

Last I knew that was (inappropriately, IMO) nacked.

Currently there is the kernel memory cgroup control, but I think we need
more fine-grained controls, including nrtasks and nrmounts.

-serge



