On Thu, 2013-10-24 at 22:16 +0800, Thomas Goirand wrote:
> On 10/24/2013 06:46 PM, Ben Hutchings wrote:
> > On Thu, 2013-10-24 at 11:59 +0200, Adam Borowski wrote:
> >> On Thu, Oct 24, 2013 at 09:11:30AM +0100, Jonathan Dowland wrote:
> >>> On Thu, Oct 24, 2013 at 02:09:46AM +0200, Adam Borowski wrote:
> >>>>  And I for one heavily use vservers
> >>>
> >>> It's a professional shame of mine that we are still trying to get rid of
> >>> some old vserver instances at $WORK.
> >>
> >> lxc is still nowhere close to vserver (or openvz) functionality.
> > [...]
> > 
> > I'm not sure whether that's still true, but anyway: OpenVZ is in
> > mainline Linux now.
> 
> Oh, I'm surprised! I thought it would never get in, since we had LXC.

The mainline implementation of containers, which is made up of multiple
types of control groups and namespaces, supports both LXC and OpenVZ
(and Google's resource control, and systemd-nspawn, and yet other
tools).

> Thanks for sharing this info. How much of it is in? All of it? Or just a
> subset?

James Bottomley of Parallels talked about this in Edinburgh and said
everything was in by 3.9.

> > You'll need to wait for Linux 3.12 in Debian, as we
> > can't enable CONFIG_USER_NS before then
> 
> What's that for?

User namespaces, i.e. user IDs and capabilities (the privileges that
root normally has) in a container are distinguished from those in the
outer system.  This is essential for virtual private servers.

Every filesystem implementation needs to make this distinction and not
all of them were converted to do so before 3.12.

Ben.

-- 
Ben Hutchings
Teamwork is essential - it allows you to blame someone else.
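
The distinction described above, between user IDs inside a container and those in the outer system, is visible in the kernel's /proc/<pid>/uid_map file. The sketch below is an added example, not part of the original message. Its function names are hypothetical, and the sample mappings (100000, 65536) are constructed and assumed to be read from the host's namespace.

```python
"""Interpret /proc/<pid>/uid_map: does container root map to host root?"""
from typing import List, NamedTuple, Optional


class Extent(NamedTuple):
    inside: int   # first UID as seen inside the user namespace
    outside: int  # first UID it maps to, as seen by the process reading the file
    count: int    # number of consecutive UIDs covered by this extent


def parse_uid_map(text: str) -> List[Extent]:
    """Parse the three-column uid_map format (inside, outside, count)."""
    extents = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed uid_map line: {line!r}")
        extents.append(Extent(*(int(f) for f in fields)))
    return extents


def to_host_uid(extents: List[Extent], uid: int) -> Optional[int]:
    """Translate a UID inside the namespace to the outer UID, or None if unmapped."""
    for e in extents:
        if e.inside <= uid < e.inside + e.count:
            return e.outside + (uid - e.inside)
    return None  # unmapped IDs appear as the overflow UID (65534 by default)


def root_is_host_root(extents: List[Extent]) -> bool:
    """True when UID 0 inside is UID 0 outside, i.e. no user-namespace separation."""
    return to_host_uid(extents, 0) == 0


# Constructed samples: the initial namespace's identity map, and a container
# whose 65536 UIDs are shifted to start at host UID 100000.
INITIAL_NS = "         0          0 4294967295\n"
CONTAINER_NS = "         0     100000      65536\n"

if __name__ == "__main__":
    for name, sample in (("initial", INITIAL_NS), ("container", CONTAINER_NS)):
        m = parse_uid_map(sample)
        print(name, "root ->", to_host_uid(m, 0), "host root:", root_is_host_root(m))
    try:  # Also report on the current process when running on Linux.
        with open("/proc/self/uid_map") as f:
            print("self host root:", root_is_host_root(parse_uid_map(f.read())))
    except OSError:
        pass
```

A process whose map reports root_is_host_root as True holds real root's UID on the outer system, which is the case CONFIG_USER_NS exists to avoid for virtual private servers.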
