[lxc-users] Multitenant & baremetal with LXD
Rahul Rege
rahul.rege at sungardas.com
Mon Mar 7 17:55:39 UTC 2016
Hi,
While this is not a question specifically for LXC/LXD, I thought I'd ask to
get the general opinion about the multi-tenancy and its support in LXD (the
nova-compute for same already gives some good ground).
Its my understanding from the general reading that the Linux kernel is not
made for multitenancy, so if I am to implement a solution with say LXD to
run on baremetal servers, ideally I cannot put different customers
containers on the same host because of the potential security issues (I
fully don't understand what those are)
While different security techniques like Apparmor, selinux and some
capability restriction can achieve what we want ultimately, I wanted to
understand if people are generally doing it with LXD or would potentially
do it OR ultimately it'd follow the pattern of running them on the VMs
which provide the needed isolation.
Companies like Joyent with their Triton containers do it I believe and
claim some really awesome performance with their SmartOS as the special os.
PS - This might be a well known consideration in container world, so pardon
me if this is something trivial and already discussed.
Thanks
Rahul Rege
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20160307/b4720118/attachment.html>
More information about the lxc-users
mailing list