I am new here. I am using Devuan + libvirt + LXC containers. I think in terms of security, it's less secure than a VM, since it shares the kernel & resources with the host system. But I think it's easier to back up & update containers. I like that I can just copy a container to another computer, and only need to set it up once. Also, if I update one container, it can't break the other containers. Also, each of my containers contains Devuan and has its own network interfaces; it's like having many different and complete servers with their own IPs, hostnames, etc., but without many expensive computers or crazy amounts of RAM for VMs. However, I always have a second physical fallback & backup system if the first one fails, because a single computer is still a single point of failure.

Since I use containers as if they were normal computers, I don't see why I need to be able to control the services from the host system; I just ssh to the container if I need to restart a service. I think if I just want to isolate a single service, I would just use a simple chroot. I don't think a container is much more secure than a chroot.

On 23.09.2016 at 17:19, stephen Turner wrote:
> what's the suckless view of containers and why? what about a
> containerized init helper where sinit calls the container program and
> then runs daemons and the rest of the system from containers? Do you
> feel containers offer additional security/stability?
>
> Just thinking about "cloud" stuff again and daydreaming about servers.
>
> I suppose with a system as small as suckless offers it might be a moot
> point by the time you fire up several VM instances. VMs would add a
> semi redundancy in the event of a single failure in that it wouldn't
> take down the other services but then you have other issues if the
> system fails anyways right?!
>
> just random thoughts.
>
> thanks,
> stephen
>