Hello, i need some feedback and suggestions for this project. If there are similar solutions please let me know.
I want to build a solution for creating and starting a container on user login (via ssh or shell). The user should be redirected inside a container as root to a bash. I know there is a PAM-module (pam-netns) for creating a network in a separated namespace when a user logs in. I think it should be possible to realize my goals based on this module. I see the following options to implement this: 1. Using the LXC-Package and the corresponding comandline-tools ( lxc-create, lxc-destroy, lxc-execute... ). 2. Working with the LXC-Library. Which approach would be more liked by the LXC-community? 1. Would avoid permanent patching the module when there is a new LXC version. 2. Would make it independent from the actual LXC version to avoid upgrading systems to problematic versions. More flexibility to manage the cgroups: multiple login by a single user could be subgrouped to limit resources by users. Possible usage scenarios: Simple solution for educational practice: 1. Students/user can login with their existing LDAP-Account and can work with a root-account in a container. (login -> container creation, logout -> container destroy) 2. Same scenario, but with permanent storage to realize some projects. Simple solution to offer containers for customers: By creating a template for different types of container ( limits ) and grouping the users to different user-groups, a pam-module can differ which template should be used for a specific container. Based on this fact it should be possible to offer system-container or container for services, like FTP, ssh, webserver... . ( For these scenarios, there would be some extra work todo: autostart after reboot, generate configurations for the users for fixed IP's... ) The advantages are: No preparation time for creating instances( create guests, create accounts, setting up the network... ). Only one Linux installation has to be prepared. Only necessary instances run at a given time. Possible solutions for the storage: The storage for such a scenario could be realized with BTRFS OR AUFS to minimize the needed space and make it easy to create and destroy the rootfs for the instances. Thanks for replies. Axel Schöner ------------------------------------------------------------------------------ Special Offer -- Download ArcSight Logger for FREE! Finally, a world-class log management solution at an even better price-free! And you'll get a free "Love Thy Logs" t-shirt when you download Logger. Secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsisghtdev2dev _______________________________________________ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
