Playing with LXC

I’ve been wanting to explore the OS-level virtualization space again.  For a long time I was running linux-vserver on a number of servers.  I switched to Xen because I really like the aesthetic of being able to run each virtual machine with its own kernel.  But I wonder if this is not too heavy a solution when all you really want is a super-chroot.  LXC has a lot of support since it’s in the kernel, but it’s difficult to tell how big a community there is.  Thus far I’ve been pretty disappointed with LXC, and I’ve had trouble getting information.  For example, there is very little information as to whether capabilities are changed in different kernel versions.  Here are some of the major difficulties I’ve found so far:

  • Isolation – The LXC home page mentions isolation repeatedly, as does the README.  I was disappointed to find that running dmesg in my container displayed the messages from the host system.  That’s not isolated enough for me.
  • Networking – While you can assign multiple IP addresses, you can only have one interface, which is on one bridge.  With Xen I have several virtual machines with multiple devices, usually one on a public bridge and another on a VPN.  Also, on Ubuntu guests, since udev does not work, the network/interfaces file is not run and there is no routing until ifup -a is run from the guest.
  • No udev – This could be OK except for Ubuntu guests which, as noted above, use upstart, which depends on udev notifications to start networking and other services.  Basically it’s safe to assume that with an Ubuntu guest many services will not be started.  This will not be the case for guests using sysvinit or systemd, as far as I know.
Resources:
