"A new approach to user namespaces"
"user namespace enhancements for Linux 3.5-rc1"
Wouldn't that help to make it rootsave? As you called it.
I think the real reason why LXC isn't such a complete solution yet is that what goes into the kernel has to be maintained for a very long time, and LXC will end up "virtualizing" a lot of parts of the kernel, so the developers want to only allow small/understandable changes each time.
It's the reason Linux V-Server, OpenVZ and (I believe there was another?) aren't already part of the kernel. The developers would never allow one big patch to add such functionality.
So every in-kernel API needs to be proposed and tweaked until it is ready and allowed into the kernel.
The theory is that each part will be better and more generalized than the independently developed ideas. If I'm not mistaken, LXC can already do a lot of things OpenVZ can't.
This takes time, but with almost each release it gets closer to 100%.