Blueprint changed by Serge Hallyn:

Whiteboard changed:

User Stories:
Joe wants to deploy a container, but is afraid of root in the container adversely affecting the host. By running the container in a user namespace and with seccomp, the host exposure is greatly reduced.

Risks:
Syslog kernel ns rejected upstream.
User namespace kernel delta delayed upstream.
kernel setns() patches delayed or rejected upstream.
Apparmor lxc-related work delayed.

Test Plans:
An lxc testsuite, hooked into the server set of UTAH tests, will be deployed on each package release.
The lxc api will be leveraged to add more build-time tests. (Decide for which features tests make sense and are feasible)

Release Note:
User namespaces are available as a tech preview. Fully usable Ubuntu containers can be created, sandboxed inside a user namespace. These are not yet recommended for deployment.

Notes:
- Syslog ns design wiki page is at https://wiki.ubuntu.com/LxcSyslogNs
+ Syslog ns design wiki page is at https://wiki.ubuntu.com/LxcSyslogNs
+ Syslog ns will be sent to kernel team only if/when it appears headed upstream, so that is blocked pending lkml discussions.
--
LXC work for R
https://blueprints.launchpad.net/ubuntu/+spec/servercloud-r-lxc