[Users] suspend/resume in OpenVZ
Gena Makhomed
gmm at csdoc.com
Wed May 13 17:33:41 PDT 2015
On 13.05.2015 10:21, Pavel Odintsov wrote:
> Docker is an awesome toolkit.
"From a security and composability perspective,
the Docker process model - where everything runs through a central
daemon - is fundamentally flawed. To “fix” Docker would essentially
mean a rewrite of the project, while inheriting all the baggage
of the existing implementation." - https://coreos.com/blog/rocket/
> But we still don't have support for it in OpenVZ/PCS.
> I'm really _NOT_ sure about the idea of running Docker inside a container.
http://blog.odin.com/serviceprovider/2015/3/19/for-service-providers-using-virtuozzo-docker-isnt-just-a-devops-phenomenon-anymore
> I want to run it on HWN (together with other containers if possible)
> and run my custom applications in a secure manner here.
Docker has a broken security model, and as a result:
http://www.opennet.ru/opennews/art.shtml?num=42195
http://openwall.com/lists/oss-security/2015/05/07/10
> Running Docker inside containers is a really strange idea
> and I haven't any use cases for it in my environment.
If you also need security - you should run Docker
inside KVM virtual machines, or inside OpenVZ containers.
--
Best regards,
Gena