LXC Directions

Jonathan Carter (highvoltage) jonathan at ubuntu.com
Mon Jul 18 17:11:37 UTC 2011


Hi Clint

On 18/07/11 01:03 PM, Clint Byrum wrote:
> locally. LXC's security model is not actually much stronger than chroot's,

chroots are really easy to break out of, while LXC containers are not
(barring the host's proc being exposed in current versions, but that's a
known issue that's planned to be fixed).

That's a significant difference that makes a big impact on security!

-Jonathan




More information about the Ensemble mailing list