On Sat, 20 Aug 2011, John wrote:

> Hi, very interested in this. I've been using LXC for a while but only to
> segregate functions on my own servers. I am well aware of how delicate
> the LXC setup is when considering security. For example, unless I
> customise the init scripts a container can bring down the host.

FWIW: I've been using the file-rc boot script mechanisms rather than the sysv-rc system for LXC containers. That might seem like a step backwards, but actually, it's fine and gives you much finer (& easier IMO) control over what gets started and stopped when a container is booted.

You still get the usual /etc/init.d with scripts in it, but rather than a lot of /etc/rc.X directories, just one file: /etc/runlevel.conf, with hooks into the scripts and what runlevels to execute them in.

It doesn't address any issues though, but when you know what's getting started and in what order, it makes management easier... For me, anyway.

E.g. I was being plagued recently with really weird keyboard issues when a Debian Squeeze container was starting - it was the /etc/init.d/keyboard-setup script running - stopped that, and all was fine.

And really - all I need to run when booting a container is syslog, sshd, apache, maybe cron and one or 2 others. Unless I'm doing anything fancy with networking. No point running other stuff that the host needs to do like ntp, urandom, checkroot, the various mounts and so on.

Gordon

_______________________________________________
Lxc-users mailing list
https://lists.sourceforge.net/lists/listinfo/lxc-users
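
An added example, not part of the original message: a small audit of a container's /etc/runlevel.conf that lists every script started in a given runlevel that is not on an allowlist. It assumes file-rc's four-column layout (sort number, off-levels, on-levels, command); the allowlisted script names and the sample file are constructed for illustration.

```python
"""Audit a file-rc runlevel.conf for scripts a container should not start."""
import os

# Assumed allowlist, modelled on the services the message names
# (syslog, sshd, apache, cron); the exact script names are assumptions.
ALLOWED = {"rsyslog", "ssh", "apache2", "cron"}


def _levels(field):
    """Turn '0,1,6' into {'0','1','6'}; '-' means no runlevels."""
    return set() if field == "-" else set(field.split(","))


def parse_runlevel_conf(text):
    """Return (sort, off_levels, on_levels, command) tuples.

    Assumes the layout '<sort> <off-> <on-levels> <command>' with '#'
    starting a comment. Malformed lines raise instead of being skipped,
    so an entry cannot slip past the audit unnoticed.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split(None, 3)
        if len(fields) != 4:
            raise ValueError(f"malformed line: {raw!r}")
        sort, off, on, command = fields
        entries.append((sort, _levels(off), _levels(on), command))
    return entries


def unexpected_starts(text, runlevel="2", allowed=ALLOWED):
    """Script names started in `runlevel` that are not allowlisted, in start order."""
    started = [(sort, os.path.basename(cmd.split()[0]))
               for sort, _off, on, cmd in parse_runlevel_conf(text)
               if runlevel in on]
    return [name for _sort, name in sorted(started) if name not in allowed]


# Constructed sample, not taken from a real system.
SAMPLE = """\
# <sort> <off-> <on-levels> <command>
05  -      S        /etc/init.d/keyboard-setup
10  0,1,6  2,3,4,5  /etc/init.d/rsyslog
16  0,1,6  2,3,4,5  /etc/init.d/ssh
23  0,1,6  2,3,4,5  /etc/init.d/ntp
89  0,1,6  2,3,4,5  /etc/init.d/cron
91  0,1,6  2,3,4,5  /etc/init.d/apache2
"""

if __name__ == "__main__":
    for level in ("S", "2"):
        print(level, unexpected_starts(SAMPLE, level))
```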
