On Tue, Jan 29, 2013 at 5:10 PM, Serge Hallyn <serge.hal...@canonical.com> wrote:

> Quoting pablo platt (pablo.pl...@gmail.com):
> > I'll be happy to be the driving force but I need info from experts.
> >
> > Let's say the command will look like this:
> > lxc-sandbox -n mybox /bin/bash
> > Do you think that lxc-sandbox can use an API similar to libvirt-sandbox?
> >
> > http://rpm.pbone.net/index.php3/stat/45/idpl/19820275/numer/1/nazwa/virt-sandbox
> >
> > Will lxc-sandbox need to call lxc-execute with a predefined secure config?
> > Will it need to use seccomp, apparmor, selinux or something else?
>
> Thinking about it, I think it would look more like lxc-start-ephemeral.
>
> In fact, perhaps it could take the form of a '-f <extra-config-file>'
> flag to lxc-start-ephemeral, where we ship an example extra-config-file
> with commented apparmor, capabilities and seccomp configuration.
>

You mean that it will be based on lxc-start-ephemeral or only use the same
structure?
I think that lxc-start-ephemeral uses an OS container while a sandbox is
easier to use and more efficient as an application container.


>
> Note also that if at all possible, you'll probably want to be on the
> bleeding edge of both kernel and userspace and use user namespaces
> to rob the container of all privilege on the host.
>

Will Ubuntu 13.04 support it or only 13.10?


>
> -serge
>
_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
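
An added example, not part of the original thread and not LXC project code: a small audit that reports which of the four controls named above (AppArmor, capabilities, seccomp, user namespaces) are actually active in an extra config file, showing that an example file shipped with those settings commented out enforces nothing until they are uncommented. The key names are LXC's legacy and current config keys; the function names, sample configs and the seccomp path are constructed for illustration.

```python
# Legacy (LXC 1.x) and current (LXC 3.x and later) key names per control.
CONTROLS = {
    "apparmor": ("lxc.aa_profile", "lxc.apparmor.profile"),
    "capabilities": ("lxc.cap.drop", "lxc.cap.keep"),
    "seccomp": ("lxc.seccomp", "lxc.seccomp.profile"),
    "user_namespace": ("lxc.id_map", "lxc.idmap"),
}

def parse_config(text):
    """Return {key: [values]}; blank and commented-out lines are ignored."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        settings.setdefault(key, []).append(value)
    return settings

def audit(text):
    """Map each control to 'ok', 'weak' or 'missing' for one config file."""
    settings = parse_config(text)
    report = {}
    for control, keys in CONTROLS.items():
        # This example counts a key with an empty value as not set.
        values = [v for k in keys for v in settings.get(k, []) if v]
        if not values:
            report[control] = "missing"
        elif control == "apparmor" and "unconfined" in values:
            report[control] = "weak"  # profile named, but no confinement
        else:
            report[control] = "ok"
    return report

# Constructed sample: the shipped example file, everything still commented.
SAMPLE_COMMENTED = """
# lxc.aa_profile = lxc-container-default
# lxc.cap.drop = sys_module mac_admin mac_override sys_time
# lxc.seccomp = /path/to/seccomp.policy
"""

# Constructed sample: the same file enabled, plus a user-namespace id map.
SAMPLE_ENABLED = """
lxc.aa_profile = lxc-container-default
lxc.cap.drop = sys_module mac_admin mac_override sys_time
lxc.seccomp = /path/to/seccomp.policy
lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536
"""
```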