Dear Jäkel, 2011/9/2 Jäkel, Guido <g.jae...@dnb.de>: > Dear Nico, > >>I mean lxc was integrated into 2.6.27 kernel, this is october 2008 >>!!!, nearly three years from now, into the >>stable branch, but is not usable in production in 2011 !! > > I'm not involved in lxc-dev yet, but to my knowledge you're using wrong > terms: Nothing of LXC is integrated into the kernel, but LXC uses "common" > features of the kernel like cgroup and other namespaces to ground it's > functionality on it. All of LXC itself is completely in userland.
My guess is security issues are inside the kernel itself (like rmmod, mount ro, tty problems), but you're right lxc is just an interface to cgroups. > If I may point you to another open issue: Just call 'free' or 'top' in an > container, it will show the view of the host. If you look at the sources of > the "pstools package", you'll find that there's absolute no proper kernel > interface to ask the memory usage. Instead, this tools will directly read out > some kernel structures. I don't know how openvz handles such things. Does it > fake such kernel memory accesses to the userland processes in different > namespaces? Even with lxc, "ps xua..." show only processes in the cgroup, so yes /proc is already "virtualized". You're right about "free" reporting host values with lxc, but it's done in openvz, and I don't know about vservers. What is the aim of lxc ?, to be just a toy ?, or to compare to bsdjails, solaris zones, openvz, vservers, aix lpar. Is cgroup just a toy to get Linus watching videos while compiling his kernel ?, or to be able to run containers ? I'm not able to code at this time, but I can report bugs, report missing user options, give some money, write doc, and ask how many time it will take to make this projet usable ? have a nice we ! Nicolas > Other projects like process grouping uses process namespaces, too. Will such > a patch be compatible with such another usecase? > > > Greetings > > Guido > ------------------------------------------------------------------------------ Special Offer -- Download ArcSight Logger for FREE! Finally, a world-class log management solution at an even better price-free! And you'll get a free "Love Thy Logs" t-shirt when you download Logger. Secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsisghtdev2dev _______________________________________________ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
