Is LXC secure enough for VPS hosting?

security linux lxc openvz

Solution 1:

To the best knowledge at the time of this writing there were still critical issues with /proc filtering. They ought to be addressed in Linux Kernel 3.6 or later.

Since I'm facing the same problem as you I've done some investigation and I'm not yet convinced that LXC is an alternative to Linux VServer.

If you decide not to switch to LXC have a look at the cgroup support of Linux Vserver which is based on the same code as LXC and may be an option for your setup.

Solution 2:

LXC added unprivileged containers support from 1.0 version, and Ubuntu appended more apparmor rules from release 14.04 LTS (5 years) that use 3.13 kernel, (LTS will append support for kernels from utopic now, vivid in some months, etc)

many things about security with LXC are OLD now (the same applies to Docker, that is based in linux container tech based in cgroups) to me at least appear that lxc under Ubuntu is now a good alternative. I imagine that the same applies to Debian.

Related

Why can't I delete a folder that I have ownership (+ children) AND full control permissions (+ children) on?
Conditionally offering PXE boot to a client
Choosing Transit Providers
How to configure Asterisk to send audio before call is established
Supermicro BIOS recovery - SUPER.ROM
vmware esxi 5, cant create snapshots and consolidate fails, how to delete old or consolidate redo logs?
Unsecured MySQL 'root'@'localhost' account accessed remotely?
Recover data from SCSI hard disk
Is "place name + er" ("New Yorker") a productive morpheme? [closed]
place constraints on sth
Expect or are expecting
“COVID-19 changed / has changed / has been changing the everyday life of people” [duplicate]