On Jan 30, Adam Borowski <kilob...@angband.pl> wrote: > lxc wasn't anywhere near feature parity with vserver/openvz then. And it still isn't.
> It would be nice to have some documentation about how lxc is different from > them, and how to work around bugs and limitations. I for one spent ~10 Let's start with this: in its current form, it is not designed to protect the host system from an untrusted root user in a guest. So far lxc is nice for testing, but not much more. http://blog.bofh.it/debian/id_413 > * how to execute a command in a running VM? lxc-execute complains that the Lack of something like VE_ENTER also makes it unsuitable for me. > container is busy, forcing it results in processes in both sessions not > seeing each other (ie, they end up in different cgroups instead of > entering the existing one). AFAIK there is still no way to attach a process to an existing cgroup, so you need to have a sshd in the guest. -- ciao, Marco
signature.asc
Description: Digital signature
