Using schroot with containers

Registered by Kees Cook

Review various potential implementations for using containers with schroot.

Blueprint information

Status: Started
Approver: Kees Cook
Priority: Low
Drafter: Kees Cook
Direction: Needs approval
Assignee: Kees Cook
Definition: Approved
Series goal: Accepted for maverick
Implementation: Started
Milestone target: ubuntu-10.10
Started by: Kees Cook

Whiteboard

Would like to review existing best practices for containers, both for development and security.

Agenda:
 * what is everyone doing currently for containers and chroots?
  * isolating daemon services
  * doing builds
 * what is needed for sane containerization of each use-case?
  * CLONE_NEWUTS, ...NET, ...PID, etc
  * http://people.canonical.com/~kees/schroot/ see Makefile and newns.c
  * can lxc be used directly?

Work items:
[allison] develop a simplified lxc wrapper to replace common usages of the userspace "chroot" tool: INPROGRESS
[kees] develop CLONE_NEWPID schroot helper: POSTPONED
[kees] develop test cases for CLONE_NEWPID and schroot: POSTPONED
[kees] package CLONE_NEWPID schroot helper: POSTPONED
[kees] document CLONE_NEWPID schroot helper: POSTPONED
[kees] send helper patches to upstream schroot: POSTPONED
