Use LXC under heavier virtualization (Xen, KVM, Hyper-V, VMware)

Is it possible to use LXC under heavier virtualization (Xen DomU, KVM, Hyper-V, VMware)? I would like to use it as a security (isolation) tool; the ability to limit resource consumption is not a priority for me. I am only interested if it can be done in a straightforward way, similar to using LXC on a non-virtualized server. I do not want to use an overly tricky setup on a production server.


Solution 1:

Here's an Ubuntu page that shows that you can run it under KVM - https://help.ubuntu.com/community/LXC

--additional info--

I've just completed a live implementation of LXC under VMware vSphere. As part of it I did a couple of proofs of concept that implemented LXC under KVM and VirtualBox as well. Here's the link:

http://uncommonsense-uk.com/2012/virtual-machine-stacking-using-lxc-on-top-of-esx/

-ActionJack

Solution 2:

Yes, you can. LXC is OS-level virtualization; moreover, it's process isolation, so the hardware-specific requirements for virtualization don't need to be met. The only thing that you need is a recent kernel (>3.13) for all the proper LXC dependencies, like namespaces and cgroups.

BUT, you have to be really careful about how you are going to manage your networking architecture/configuration, because it can be a pain to set up when you are trying to create a network inside a full virtual machine (KVM, Xen, etc.). I strongly recommend using NAT plus a DNS resolver to communicate with the LXC containers.
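
Solution 2 names namespaces and cgroups as the kernel features LXC depends on. As an added example (not part of any answer on this page), the script below checks a guest kernel's config file for them; the option list, the function names and the sample config are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: check a guest kernel config for the features LXC relies on.
# The option list is a selection (assumption), a subset of what the
# lxc-checkconfig tool shipped with LXC inspects.
REQUIRED_OPTS="CONFIG_NAMESPACES CONFIG_UTS_NS CONFIG_IPC_NS CONFIG_PID_NS \
CONFIG_NET_NS CONFIG_USER_NS CONFIG_CGROUPS CONFIG_CGROUP_DEVICE \
CONFIG_VETH CONFIG_BRIDGE"   # veth + bridge back a NAT-style container network

# missing_lxc_options FILE
# Prints the required options that are neither built in (=y) nor modular (=m).
# Returns 0 if none are missing, 1 if some are, 2 if FILE cannot be read.
missing_lxc_options() {
    cfg=$1
    [ -r "$cfg" ] || return 2
    case "$cfg" in
        *.gz) content=$(gzip -dc "$cfg") || return 2 ;;   # e.g. /proc/config.gz
        *)    content=$(cat "$cfg") || return 2 ;;
    esac
    missing=""
    for opt in $REQUIRED_OPTS; do
        printf '%s\n' "$content" | grep -Eq "^${opt}=(y|m)\$" \
            || missing="${missing:+$missing }$opt"
    done
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# Constructed sample: a guest kernel built without user namespaces.
write_sample_config() {
    cat > "$1" <<'EOF'
CONFIG_NAMESPACES=y
CONFIG_UTS_NS=y
CONFIG_IPC_NS=y
CONFIG_PID_NS=y
CONFIG_NET_NS=y
# CONFIG_USER_NS is not set
CONFIG_CGROUPS=y
CONFIG_CGROUP_DEVICE=y
CONFIG_VETH=m
CONFIG_BRIDGE=m
EOF
}

sample=$(mktemp)
write_sample_config "$sample"
echo "missing in constructed sample: $(missing_lxc_options "$sample" || true)"
rm -f "$sample"
```

On a real guest, point the function at the running kernel's config, for example /boot/config-$(uname -r) or /proc/config.gz where the distribution provides one.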

Solution 3:

I can't speak for Xen or KVM, but neither Hyper-V nor ESX/i directly supports LXC. Of course, they all support various Linuxes, and certainly ESX/i allows a hypervisor-within-hypervisor, so it might work like that.