OpenSolaris governing board threatens dissolution (The H)
OpenSolaris governing board threatens dissolution (The H)
Posted Jul 15, 2010 17:45 UTC (Thu) by captrb (guest, #2291)In reply to: OpenSolaris governing board threatens dissolution (The H) by Cyberax
Parent article: OpenSolaris governing board threatens dissolution (The H)
I have not tried Linux Containers that I recall.
I have not tried Virtuozzo, but I think that I tried OpenVZ and it didn't offer the networking functionality that I needed.
Posted Jul 15, 2010 19:05 UTC (Thu)
by drag (guest, #31333)
[Link]
It's designed to be somewhat generic so it's functionality can be used by a number of different virtualization solutions.
Resource management is done through Linux control groups and you can delegate control of the LXC containers to users based on 'POSIX' file system-based capabilities.
Namespace isolation can be used to create a full container or it can be used to 'sandbox' applications by using namespace isolation selectively. Such as providing a unique directory tree for my browser so it cannot read or write to my home directory.
When combined with MAC policy solutions like SMACK or SELinux you can use it with LXC to provide high levels of security.
-----------------------------------
LXC is still relatively immature. It works and is stable from what I can tell, but it's not been around long enough.
Redhat will include LXC (along with BTRFS) with Redhat ES 6 as a sort of 'technology preview' type thing. (that is turned off by default) I expect they plan to add default support for BTRFS and LXC in future ES 6 revisions and thus they can maintain forward and backwards compatibility.
-----------------------------------
I never had problems with LXC networking that you talked about with OpenVZ. I don't think that this is a limitation to OpenVZ then. It may be a lack of documentation issue. I don't know.
This is a significant problem with most Linux stuff.
OpenSolaris governing board threatens dissolution (The H)