This disturbs me. Last I checked, LXC wasn't meant to provide secure isolation from malicious users yet.
Multi Virtualization
- Thread starter Mayers
- Start date
It actually provides more security when used with unprivileged containers (user namespaces). The reason being, each containers has their own user namespace. For example container 1 maps root to 100000 (0), container 2 maps root (0) to 200000, and so on. If someone is able to break out of the container, which is rare in it's self, they won't have access to do anything with a userid of 100000 on the host system.
The only problem is unprivileged containers break a lot of things so it takes a lot of work to get it working correctly. I believe OpenVZ in the future will be using user namespaces as well, but right now with KVM, OpenVZ, Xen, and VMWare, if someone is able to break out of their system, they could have superuser access on the node itself so no technology is without possible vulnerabilities.
There are a lot of other techniques to lock down containers as well. It isn't going to be like OpenVZ where it ships with a kernel that locks everything down for you because linux containers don't work like that. They aren't geared just for VPS hosting. It's important to note, LXC is just user space tools, everything about linux containers is in the kernel itself. The userspace tools out there to manage linux container tools are: lxc, vzctl, libvirt-lxc, and docker. OpenVZ's vzctl works with plain linux containers, although the features are lacking compared to lxc as of now.
Last edited by a moderator:
ICPH
Member
Some time passed and my experience with Virtualizor support is: they are quite fast to reply even on weekend. They are moderately helpful, they are willing to login your server and take a look, their support feels "budget" (same as their budget pricing). They respond at forums.
Regarding Multi Virtualization feature (http://www.virtualizor.com/wiki/Multi_Virtualization) it is still in BETA and they do not recommend to use it because it has problems, some problems are mentioned in this installation tutorial: https://internetlifeforum.com/virtu...penvz-installation-tutorial-centos-6-9-64bit/
So Multi virt. works on old CentOS 6 with 2.6.3 kernel , but not production ready by any means, and i have doubts it will be ready in near future. Virtualizor license price is not too high, so better is to have two nodes one for KVM other for OpenVZ or whatever.
Regarding Multi Virtualization feature (http://www.virtualizor.com/wiki/Multi_Virtualization) it is still in BETA and they do not recommend to use it because it has problems, some problems are mentioned in this installation tutorial: https://internetlifeforum.com/virtu...penvz-installation-tutorial-centos-6-9-64bit/
So Multi virt. works on old CentOS 6 with 2.6.3 kernel , but not production ready by any means, and i have doubts it will be ready in near future. Virtualizor license price is not too high, so better is to have two nodes one for KVM other for OpenVZ or whatever.
We also added some virtualizor-backed products, more like a test atm, but so far i am ok with it.