Server Technical Specification: Agenda and First Draft
drago01
drago01 at gmail.com
Sat Mar 1 10:06:27 UTC 2014
On Sat, Mar 1, 2014 at 10:28 AM, Kashyap Chamarthy <kchamart at redhat.com> wrote:
> On Fri, Feb 28, 2014 at 02:56:52PM +0100, drago01 wrote:
>> On Fri, Feb 28, 2014 at 2:43 PM, Stephen Gallagher <sgallagh at redhat.com> wrote:
>
> [. . .]
>
>> SELinux working with it now.
>> <mclasen> dargo01: I think that statement may be evolving ?
>> <sgallagh> And Docker is moving to systemd-nspawn and away from lxc
>> <mclasen> but certainly valuable to raise the question on the list,
>> and see if lennart, dan or dan want to chime in
>> <drago01> sgallagh: "Note that even though these security precautions
>> are taken systemd-nspawn is not suitable for secure container setups.
>> Many of the security features may be circumvented and are hence
>> primarily useful to avoid accidental changes to the host system from
>> the container. The intended use of this program is debugging and
>> testing as well as building of packages, distributions and software
>> involved with boot and systems mana
>> <drago01> gement." [1]
>
> Just to note - recently I did a test to compile libguestfs in a
> `systemd-nspawn` container. Details here[1]
>
> A single `make` job timing to compile everything on a systemd-nspawn:
>
> real 31m9.792s
> user 17m18.359s
> sys 13m17.868s
>
> For comparison, on the _host_, the same single `make` job timing:
>
> real 13m41.440s
> user 13m5.816s
> sys 1m9.911s

How did you run those tests? In which order? Did you reboot in between
or at least clear the caches?