[Blueprint servercloud-q-lxc] Lxc work for Q

[Serge Hallyn]

Blueprint changed by Serge Hallyn:

Whiteboard changed:
- Topics:
-  - apparmor: outlook for stacked profiles?
-    - 12.10 work may be purely prep work in apparmor package/kernel
-  - seccomp2
-  - support for pre-start scripts (like initramfs)
-  - support for config #includes   (*1)
-  - encrypted root fs support   (*2)
-  - switch to git back-end for UDD?
-  - http://skliarie.blogspot.com/2011/11/llslxclvmsnapshots.html - lvm manipulation inside guests
-  - /lxc-shared support through lxc config (or the OpenVZ way with a /var/lib/lxc/<container>>/mount
-  directory used instead of /usr/lib/lxc/)
-  - lxc-debconf
-  - multiarch fallout - move lxc-init to /sbin?
-  - expiration of cached images
-  - separate lxcinit (and lxclib) into separate packages?
-  - lxc postinst, choose lxcbr0 address (for nesting containers)
-  - kernel features:
-   - cgroup fake root
-   - devices namespace, syslog namespace
-   - user namespace (if ready - but likely 13.04 work)
-  - lxc apport info
-  - hook the high level testsuite up to a jenkins instance
-  - support for fedora 17 templates  (just needs to be done)
-  - Make liblxc public and create initial language binding (python)
-    - Export new higher level functions in the library so it's possible to easily do the same thing as the tools by just calling library functions
-    - Rebase the tools on these functions, possibly converting some of the shell tools to C in the process
-    - Write a python binding module (_lxc) and python module (lxc) to provide a user/scripter friendly way of accessing all of LXC's features
-    - Rebase arkose on the new python module instead of the current subprocess calls.
+ User Stories:
  
- (*1) - may fall in nicely after a code restructuring
- (*2) - probably best done as a pre-start hook
+ [nested lxc - cgroup premount and apparmor policy]
+ 
+ Sallie would like to run juju with lxc on her laptop, but is afraid it
+ may meddle with her laptop's networking setup.  So she runs juju inside
+ an lxc container.
+ 
+ [lxc-attach]
+ 
+ Joe finds one of his containers is not responding to the ssh port, and
+ its consoles are not working.  He suspects a problem with its devpts.  He
+ uses lxc-attach to run a diagnostics tool inside the container.
+ 
+ [user namespace - unprivileged startup]
+ 
+ Annie wants to test a root fs tarball sitting on her usb stick.  She'd
+ like to start at least a chroot or a whole container in it.  But she
+ doesn't have privileges on this machine.  She creates a container with
+ private user namespace and boots the rootfs there.
+ 
+ [seccomp]
+ 
+ Zoe wants to run a flash movie inside a container, but is afraid there
+ may be a kernel system call exploit.  She uses seccomp to filter out
+ the most dangerous system calls.
+ 
+ [hooks, /var/lib/c1/root, and #includes, openvz migration]
+ 
+ Munro supports a large number of containers.  Most of the container
+ configuration is shared from a common #included file.  When he needs
+ to make a change to all containers, he can change the common included
+ configuration file, have a loop mount new filesystems under each
+ container's root, and add lines to the pre-start hook which the common
+ configuration file defines.
+ 
+ [encrypted root]
+ 
+ Rupert wants to run an application on an instance in the cloud,
+ but would like for the next cloud user to re-use his instance's
+ disk to not be able to read the application data.  He therefore
+ uses an encrypted root for the container.
+ 
+ [python api]
+ 
+ Yngwie would like to write a script to perform a particular update
+ in each container.  He can use the python api to find all containers,
+ then attach to running or execute in non-running containers to
+ perform the update.
+ 
+ Assumptions:
+ 
+ seccomp gets upstream
+ user namespaces get upstream
+ setns patches get upstream
+ 
+ Release Notes:
+ 
+ unprivileged startup
+ secure nested containers
+ openvz migration

-- 
Lxc work for Q
https://blueprints.launchpad.net/ubuntu/+spec/servercloud-q-lxc