[libvirt-users] limit memory and CPU when using libvirt-sandbox

pablo platt pablo.platt at gmail.com
Mon Jan 28 14:58:49 UTC 2013


Is it 100% secure by default without access to host network and file system?
Can I run it with a normal user with root privileges?

I'm trying to follow the man page but there are some things which are not
clear.
What levels are available for level=LEVEL in SECURITY-OPTIONS?
When it says that the contents of host and guest folders are
indistinguishable, does it mean that I can edit host files from the guest
when setting -B?
http://rpm.pbone.net/index.php3/stat/45/idpl/19820275/numer/1/nazwa/virt-sandbox

On Mon, Jan 28, 2013 at 4:44 PM, Daniel P. Berrange <berrange at redhat.com> wrote:

> On Mon, Jan 28, 2013 at 04:38:13PM +0200, pablo platt wrote:
> > I'm considering using virt-sandbox with lxc to sandbox and execute
> > untrusted code like python scripts and compiled C code.
> > Is it possible to limit CPU and Memory like is possible with lxc-execute
> > and a config file?
>
> At this time, we've not wired up resource limits via the libvirt sandbox
> package. Currently the focus has been on securing the containers to prevent
> them doing bad things to the host. Resource constraints are a todo item.
>
> > What's the difference between lxc-execute and libvirt-sandbox?
>
> LXC execute is a standalone tool from the LXC sf.net project which
> has nothing to do with libvirt. libvirt-sandbox is a sandbox technology
> built on top of libvirt, which is able to create sandboxes across various
> virtualization technologies, currently LXC, KVM and QEMU.
>
> Daniel
> --
> |: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/:|
> |: http://libvirt.org              -o-             http://virt-manager.org:|
> |: http://autobuild.org       -o-         http://search.cpan.org/~danberr/:|
> |: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc:|
>