https://blog.impulse101.org/enTue, 29 Nov 2016 02:31:42 GMThttps://getnikola.com/http://blogs.law.harvard.edu/tech/rsshttps://blog.impulse101.org/posts/LXC/Alex Wauck<div><p>Next time I need to play around with a possibly messy web app installation, I'm going to skip KVM and fire up <a href="https://en.wikipedia.org/wiki/LXC">LXC</a>. I tried it recently to test a PostgreSQL migration strategy on my laptop, and setting up a container (even with all the software I needed to download) didn't take much time at all, even with the crappy Internet connection I was on. Cloning the container was really quick and easy, too.</p> <p>I was surprised to see that Ubuntu's LXC packages come with a fairly wide variety of scripts for installing other Linux distributions inside an LXC container: Arch, Fedora, Debian, OpenSuSE, and a customized Ubuntu install designed for doing cloud stuff. Neat!</p> <p>Since LXC isn't a full virtualization platform, you can't run a custom kernel, and you don't (yet) have as high a degree of isolation, so a malicious root user in a container is (at least theoretically) a threat to the host system, but it's a lot more light-weight, since it basically just uses cgroups to present a constrained view of the system to processes inside the container. <a href="https://launchpad.net/arkose">Arkose</a> uses LXC in a really neat way: it confines programs to limit the damage they can do. I might try that with Google's music uploader, which I want to use but don't entirely trust. I wonder how well it could confine an application that needs 3D? I'd be inclined to do that with Minecraft, especially if mods are involved.</p> <p>In short, LXC is a really neat piece of technology, and it's fairly easy to use. If you need to try something messy on a Linux system, I absolutely recommend it.</p></div>lxchttps://blog.impulse101.org/posts/LXC/Fri, 09 Nov 2012 18:48:45 GMT