[Blueprint servercloud-s-virtstack] Virtualization Stack Work for Saucy

[Serge Hallyn]

Blueprint changed by Serge Hallyn:

Whiteboard changed:
  [USER STORIES]
  
  Abe would like to run untrusted workloads in a container.
  
  Billy would like for his users to be able to use containers without
  giving them root access.
  
  Charlie would like to confine users with flexible cgroups.
  
  Denise is writing an application using containers, and wants to re-use
  the tested core lxc API.
  
  Erica would like openstack-lxc users to have all the advanced features
  of lxc (apparmor protection, nesting, etc).
  
  [ASSUMPTIONS]
  
  A fix is accepted upstream to allow user namespaces to be used alongside
  XFS.
  
  [USER ACCEPTANCE]
  
  Set up a user with subuids and use it to create and run a container.
  
  [RELEASE NOTE/BLOG]
  
  User namespaces, apparmor, and seccomp are now leveraged to provide a
  secure container environment.
  
  Containers can now be created and used by unprivileged users.
  
  There is built-in support for boot-time configuration of control
  groups.
+ 
+ [NOTES]
+ 
+ Note that work items targetd to ubuntu-13.09 and ubuntu-13.10 are
+ targeted for completion upstream during saucy cycle, but not to
+ hit saucy.  Note that ovmf work will not be complete upstream,
+ this item is to investigate and organize ("pursue").

-- 
Virtualization Stack Work for Saucy
https://blueprints.launchpad.net/ubuntu/+spec/servercloud-s-virtstack