Juju feedback from the Launchpad Yellow Squad

Kapil Thangavelu kapil.thangavelu at canonical.com
Tue Feb 21 15:31:16 UTC 2012

Excerpts from Serge E. Hallyn's message of Thu Feb 16 13:29:01 -0500 2012:
> Quoting Clint Byrum (clint at ubuntu.com):
> > Interesting.. I wonder if there is a way to have LXC namespace DBUS
> > without namespacing TCP/IP.
> No.  Though you theoretically could have LSM deny the container access
> to "/com", but not (yet) with apparmor today.
> What exactly is the problem that you have with lxc, which you don't
> have with kvm?  Does it help at all to use macvlan or vlan in the
> container with host's eth0 as link?
> We should probably discuss and test at UDS.
> -serge

It's not really a problem with lxc, or something that we could do with kvm.

We wanted to isolate a charm to always run in a full container, but one of 
the challenging aspects is routing the inter-host requests between containers 
and allowing external access to the containers in a public cloud environment. 
Looking over other tools that do full containers in ec2, it appears most of them 
do it via higher level application mechanisms for http request routing 
(effectively a named virtual host on the host machine forwarding to 
backend app servers) combined with dynamic port forwarding on the host for other 
protocols with a custom cli frontend that hides the dynamic port for external 


