Posted Nov 15, 2012 19:48 UTC (Thu) by glommer (subscriber, #15592)
There are many things that mainline Linux lacks. One of them is the kernel memory limitation described in the article, which allows the host to protect against abuse from potentially malicious containers. It is trivial for a container to fill the memory with non-reclaimable objects, so no one else can be serviced.
User namespaces are progressing rapidly, but they are not there yet. Eric Biederman is doing a great job with that and patches are flowing rapidly, but you still lack a fully isolated capability system.
The pseudo file-systems /proc and /sys will still leak a lot of information from the host.
Tools like "top" won't work, because it is impossible to grab per-group figures of cpu usage. And this is not an extensive list.
So if "production" for you relies on any of the above, then no, you can't run LXC. If otherwise, then sure, you can run LXC.
Besides that, a lot of the kernel features that LXC relies on were contributed for the OpenVZ project. So it is not like we're trying to fork the kernel and keep people on our branch forever. It's just a quite big amount of work, the trade-offs are not always clear for upstream, etc. It is no different from Android, in essence.
The ultimate goal, as stated in the article, is to have all the kernel functionality in mainline, so people can use any userspace tool they want.
Posted Nov 16, 2012 12:29 UTC (Fri) by TRS-80 (subscriber, #1804)
Posted Nov 22, 2012 15:12 UTC (Thu) by mathstuf (subscriber, #69389)
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds