Re: [dev] containers opinion

From: Daniel Abrecht <dev-suckless.org_AT_danielabrecht.ch>
Date: Fri, 23 Sep 2016 19:24:07 +0000

I am new here. I am using devuan + libvirt + lxc containers. I think in
terms of security, it's less secure than a VM, since it shares the
kernel & resources with the host system. But I think it's easier to
back up & update containers. I like that I can just copy a container to
another computer, and only need to set it up once. Also, if I update one
container, it can't break the other containers. Also, each of my
containers contains devuan and has its own network interfaces; it's like
having many different and complete servers with their own IPs, hostnames,
etc., but without many expensive computers or crazy amounts of RAM for
VMs. However, I always have a physical second fallback & backup system
if the first one fails, because a single computer is still a single
point of failure.

Since I use containers as if they were normal computers, I don't see
why I need to be able to control the services from the host system; I
just ssh to the container if I need to restart a service. I think if I
just want to isolate a single service, I would just use a simple chroot.
I don't think a container is much more secure than a chroot.

On 23.09.2016 at 17:19, stephen Turner wrote:
> what's the suckless view of containers and why? what about a
> containerized init helper where sinit calls the container program and
> then runs daemons and the rest of the system from containers? Do you
> feel containers offer additional security/stability?
>
> Just thinking about "cloud" stuff again and daydreaming about servers.
>
> I suppose with a system as small as suckless offers it might be a moot
> point by the time you fire up several VM instances. VMs would add a
> semi redundancy in the event of a single failure in that it wouldn't
> take down the other services but then you have other issues if the
> system fails anyways right?!
>
> just random thoughts.
>
> thanks,
> stephen
>
Received on Fri Sep 23 2016 - 21:24:07 CEST
