[Blueprint servercloud-r-lxc] LXC work for R
Serge Hallyn
serge.hallyn at ubuntu.com
Wed Dec 12 23:00:29 UTC 2012
Blueprint changed by Serge Hallyn:
Whiteboard changed:
User Stories:
Joe wants to deploy a container, but is afraid of root in the container
adversely affecting the host. By running the container in a user
namespace and with seccomp, the host exposure is greatly reduced.
Risks:
Syslog kernel ns rejected upstream.
User namespace kernel delta delayed upstream.
kernel setns() patches delayed or rejected upstream.
Apparmor lxc-related work delayed.
Test Plans:
An lxc testsuite, hooked into the server set of UTAH tests, will be
deployed on each package release.
The lxc api will be leveraged to add more build-time tests.
(Decide for which features tests make sense and are feasible)
Release Note:
User namespaces are available as a tech preview. Fully usable Ubuntu
containers can be created, sandboxed inside a user namespace. These are
not yet recommended for deployment.
Notes:
+ lxc-attach functionality for all namespaces except user is in the user namespace patchset. However lxc-attach needs a patch to switch to the container's apparmor profile.
Syslog ns design wiki page is at https://wiki.ubuntu.com/LxcSyslogNs
- Syslog ns will be sent to kernel team only if/when it appears headed upstream, so that is blocked pending lkml discussions.
+ Syslog ns will be sent to kernel team only if/when it appears headed upstream, so that is blocked pending lkml discussions.
--
LXC work for R
https://blueprints.launchpad.net/ubuntu/+spec/servercloud-r-lxc
More information about the Ubuntu-server-bugs
mailing list