[lxc-users] Running unprotected system container

Andrey Repin anrdaemon at yandex.ru
Mon Jun 15 14:49:25 UTC 2020


Greetings, Koehler!

> As indicated, the code that will run inside that container is our previous
> OS and if it does bad things, well, that means it was doing so previously so
> not a "bigger" issue than it was before.  Since if that works, we will move
> more towards snap we will then  have a better security system (AppArmor,
> SecComp, better app separation, etc) in place to remove trust for each app
> and get rid eventually of that container which purpose as indicated is to
> ease the transition and get some of the features we want from Ubuntu  Core
> in an early release, if we do get this to work.

If your intent is to run specifically **operating system**, then there's no way
around a virtual machine.

Containers is NOT the right choice for your task.


-- 
With best regards,
Andrey Repin
Monday, June 15, 2020 17:47:30

Sorry for my terrible english...



More information about the lxc-users mailing list