[lxc-users] Overcommit and kernel isolation

[Serge Hallyn]

Quoting Bertrand Paquet (bertrand.paquet at gmail.com):
> Ok. Thx you for information.
> 
> It's very very dangerous :(

You at a very minimum should be using apparmor, selinux, or user namespaces.
Preferably user namespaces and one of apparmor or selinux.

-serge