[lxc-users] How about think to make build environment to use lxc?
Serge Hallyn
serge.hallyn at ubuntu.com
Fri Apr 24 17:57:26 UTC 2015
Quoting Gyeongmin Kim (gyeongmintwo at gmail.com):
> Dear, All
>
> Have been using kvm or qemu to create build environment in my build system
> However, It's slow performance of the kvm or qemu
> So, Considering changing to lxc for to create the build environment
>
> But, build in opensuse (
> http://www.rpmfind.net//linux/RPM/opensuse/factory/armv7hl/noarch/build-20150317-1.1.noarch.html)
> said that 'This may be not 100% safe'
>
> $ build --help
> ...
> --lxc
> Use Linux Containers to isolate the process. This may not be
> 100% safe.
> ...
>
> Of course, guaranteed to be 100% safe be vary hard
> Why not safe for any reason to build environment ( including cross
> compilation) ?
It depends on how you configure the containers. If they are not using
a private user namespace, then they are quite a bit less safe. If they
are using lxc.id_map, seccomp, and apparmor or selinux, then you should
be quite safe - but certain things (software that wants to create devices
during build) will fail.
-serge
More information about the lxc-users
mailing list