[clug] Process sandboxing
Robert Brockway
robert at timetraveller.org
Sun Jul 17 21:42:25 MDT 2011
On Fri, 15 Jul 2011, Jeremy Kerr wrote:
> Hi Jeff,
>
>> Interesting idea. Doesn't appear to be applicable as I'm running things
>> without a GUI on a server.
Remember that X-window is network transparent. You can run a GUI app and
remote display it - no need to have an X server running on the server
running the app.
> In that case, you might be able to use lxc containers directly; arkose
> is basically a GUI frontend for LXC.
I'd recommend OpenVZ over LXC. It is true that OpenVZ will eventually go
away in favour of LXC but in the mean time OpenVZ has greater stability
and features. I expect I'll continue to use OpenVZ for the next 2-3 years
and then switch to LXC once it has matured. I don't expect the switch to
be painful at all.
This is aside from whether containerisation is the right solution for the
problem at hand.
Cheers,
Rob
--
Email: robert at timetraveller.org Linux counter ID #16440
IRC: Solver (OFTC & Freenode)
Web: http://www.practicalsysadmin.com
Contributing member of Software in the Public Interest (http://spi-inc.org/)
Open Source: The revolution that silently changed the world
More information about the linux
mailing list