Libvirt sandbox at FOSDEM 2012
As mentioned previously, today I presented a talk at FOSDEM 2012, titled “Building application sandboxes on top of LXC and KVM with libvirt”. As promised I have now uploaded the PDF slides for public access. For further information about libvirt-sandbox, consult this previous blog post on the subject. Also keep an eye on this site for further blog posts in the future. Thanks to everyone who attended the talk. I look forward to returning again in a year’s time for another update.
Is evading from LXC to the virtual host possible with your solution?
http://blog.bofh.it/debian/id_413
The forthcoming libvirt 0.9.10 release will include support for sVirt with LXC. If this is enabled on an LXC container, then SELinux should be able to prevent container apps from escaping into the host. For example, the SELinux policy would prevent any writes to /proc or /sys.
Ok, that is very interesting!
Will sVirt 0.9.10 make it into F17?
Do you know of howtos/documentation on how to implement this properly?
Yes, libvirt 0.9.10 will be in Fedora 17, with sVirt for LXC. Docs will be forthcoming… watch this blog for more info.
I’ll definitely do that.
This sounds very interesting.
Is there a video available for this presentation?
@stefan unfortunately not, only the 2 main FOSDEM presentation rooms were video recorded.