[one-dev] OpenNebula LXC Addon

knawnd at gmail.com knawnd at gmail.com
Mon Oct 28 08:51:44 PDT 2013


If there is nostrong demand to use particular LXC then I would propose 
to have a look at such LXC alternative in terms of OS level 
virtualization as OpenVZ [1]and OpenVZ driver for OpenNebula 4.2 [2].


[1] http://openvz.org
[2] https://bitbucket.org/hpcc_kpi/opennebula-openvz/wiki/Home

Simon Boulet wrote on 28/10/13 19:42:
> Hi Valentin, James,
> On Sat, Oct 26, 2013 at 7:12 AM, Jaime Melis <jmelis at opennebula.org> wrote:
>> thanks a lot for the detailed recap of the opennebula-lxc situation! I'm
>> personally very interested in making lxc work with OpenNebula.
> I'm very interested in the LXC driver development as well. I don't
> have a lot of spare time at the moment though, but let me know if I
> can help.
>  From what I know of the OpenNebula XML representation passed to the
> drivers it should be enough for implementing a LXC driver, at least
> for the basic functionality.
>> There are also a lot of security considerations which I have not brought
>> in the discussion just yet. I have to do some more reading on this topic.
> One major concern I had 1-2 years ago when I looked at LXC was that it
> was possible for any root user inside a container to escape the
> container and gain root on the host as well [1][2]. I'm not sure of
> the status of these issues in LXC, but I've heard you can use SELinux
> to further limit LXC containers and prevent this.
> [1] http://blog.bofh.it/debian/id_413
> [2] http://seclists.org/oss-sec/2011/q4/158
> Simon
> _______________________________________________
> Dev mailing list
> Dev at lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/dev-opennebula.org

More information about the Dev mailing list