Building application sandboxes on top of LXC and KVM with libvirt

Registered by Daniel Berrange

This blueprint has been superseded. See the newer blueprint "Containers Microconference" for updated plans.

This session will provide an overview of the recent virt-sandbox project, which aims to sandbox applications using lightweight guests (both KVM and LXC). Discussion will cover techniques such as sVirt (the use of SELinux labeling to prevent the sandboxed virtual machine or container from altering unauthorized resources on the host), filesystem sharing and isolation (to allow the guest to share a specified portion of the host file system), integration with systemd for containerized application management, and tools to facilitate setup of sandboxed application service environments.

Topic Lead: Daniel Berrange
Daniel has been the lead architect & developer of libvirt for more than 5 years, original developer of the libvirt-sandbox, virt-manager & entangle applications, and part-time hacker on QEMU, KVM, OpenStack, GTK-VNC, SPICE and more.

Blueprint information

Status: Complete
Approver: None
Priority: Undefined
Drafter: Daniel Berrange
Direction: Needs approval
Assignee: Daniel Berrange
Definition: Superseded
Series goal: None
Implementation: Unknown
Milestone target: None
Completed by: Grant Likely
