[lxc-users] [Help]LXD:point of differentiation. please answer my question
Fajar A. Nugraha
list at fajar.net
Sat Feb 20 15:17:01 UTC 2016
On Sat, Feb 20, 2016 at 2:39 PM, 디케이 <zuntong at gmail.com> wrote:
> But, until now, There are some parts that I can't yet understand.
>
>
The devs would probably give you more detailed answers, but here are some
answers from a fellow user:
> *[Q1]* I read that "LXD container provides a full OS environment within
> container."
>
>
Specifying exactly WHERE you read that would've been nice, so that others
can follow the context.
> *Before LXD, did LXC already provide a full OS environment??*
>
yes
> *What is the main reason that LXD provides a full OS environment
> in comparison with lxc and zone??*
>
>
All three provide a full OS environment, as does openvz, which uses similar
methods.
Again, it would've been nice if you wrote the reference where you read
that. My guess is that statement SPECIFICALLY compares lxc/lxd to docker.
> *[Q2]* *Where can I get the LXD manual? I have found just a few "get started
> webpage"*
>
Probably because it hasn't had a "stable" (as in, v >=1, not beta) release
yet. Some documentation probably hasn't even been completed yet.
The man pages should be included in ubuntu 16.04. In the meantime, AFAIK
your best bet is:
- make sure latest version is installed (e.g. compile yourself from git, or
use https://launchpad.net/~ubuntu-lxc/+archive/ubuntu/lxd-stable)
- run "man lxc", "lxc", and "lxc config"
- read sources from the github project page, https://github.com/lxc/lxd
> I want to get "how to configure resource management",
> how to assign block device and volume, how to connect container to
> outside and about configuration files...
>
https://github.com/lxc/lxd/blob/master/specs/configuration.md
https://github.com/lxc/lxd/tree/master/specs
> *[Q3]* LXD container can not service itself by own function?
>
> *It means LXD container must use other tool like a SDN,
> openstack??*
>
> * (Docker can use unixsocket, tcpsocket for service with other
> hosts, Docker does not need SDN*)
>
>
>
Have you used "lxc - The container hypervisor - client" (i.e. /usr/bin/lxc)?
It's part of the lxd-client package.
> *[Q4]* All container technologies use the host's kernel features (cgroup,
> namespace, etc...)
>
> I know LXD also uses the host's kernel features.
>
> So a VM like virtualbox, vmware can support better isolation and
> security than a container,
>
> because VMs have their own kernel and VMs do not share kernel resources.
>
> * If so, how can LXD provide better security and isolation
> than other container technology?? *
>
> * How can LXD be called a linux hypervisor in comparison with other
> containers (lxc, solaris zone)????.*
>
> * (I know that LXD uses LXC. However, I want to distinguish between LXD
> new features and LXC origin features that have continued to be supported
> before.)*
>
>
Start by reading https://linuxcontainers.org/lxd/introduction/
When it comes to security and such, lxd and lxc are pretty much the same.
Using lxd in UBUNTU should provide better security and isolation OUT OF THE
BOX compared to other container/distro combo because:
- it uses unprivileged containers by default. "root" inside the container
is simply a normal (i.e. unprivileged, non-root) user from the "host"
perspective, thus minimizing lots of potential security issues
- it has apparmor active and correctly-configured by default
Note that you could achieve similar effects on other distros (e.g. libvirt
containers on fedora), just not (currently) out of the box.
--
Fajar
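
Added example, not part of the original post: a host-side check of the two defaults named in the reply above (container root mapped to a non-root host uid, and an AppArmor profile on the container's processes). The sample maps, the 100000 base uid, the profile name and the function names are constructed for illustration.

```python
from typing import List, Optional, Tuple

# Constructed sample inputs (not captured from a real host).
# /proc/<pid>/uid_map rows are: <first id inside> <first id on host> <count>
UNPRIV_UID_MAP = "         0     100000      65536\n"
PRIV_UID_MAP = "         0          0 4294967295\n"
# /proc/<pid>/attr/current holds "<profile> (<mode>)" or "unconfined".
CONFINED_LABEL = "example-container-profile (enforce)\n"


def parse_id_map(text: str) -> List[Tuple[int, int, int]]:
    """Parse uid_map/gid_map content into (inside, host, count) ranges."""
    ranges = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed id map line: {line!r}")
        inside, host, count = (int(f) for f in fields)
        ranges.append((inside, host, count))
    return ranges


def host_id(ranges, inside_id: int) -> Optional[int]:
    """Translate an id seen inside the container to the id the host kernel uses."""
    for inside, host, count in ranges:
        if inside <= inside_id < inside + count:
            return host + (inside_id - inside)
    return None  # unmapped ids have no identity on the host side


def is_unprivileged(uid_map_text: str) -> bool:
    """True when container root (uid 0) is mapped to a non-root host uid."""
    mapped = host_id(parse_id_map(uid_map_text), 0)
    return mapped is not None and mapped != 0


def apparmor_state(label_text: str) -> Tuple[Optional[str], Optional[str]]:
    """Split an attr/current label into (profile, mode); (None, None) if unconfined."""
    label = label_text.strip()
    if not label or label == "unconfined":
        return (None, None)
    if label.endswith(")") and " (" in label:
        profile, mode = label[:-1].rsplit(" (", 1)
        return (profile, mode)
    return (label, None)
```

On a real host, pass these functions the contents of /proc/<pid>/uid_map and /proc/<pid>/attr/current for a process running inside the container.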