Re: OpenVZ 7 - should I upgrade? [message #52772 is a reply to message #52771]
Sat, 11 March 2017 14:57
tomp
Although CentOS 7 does have user namespaces as a tech preview, and you can get an LXC container running as unprivileged, it has a problem (as does Docker too): if you try to install an RPM that tries to set a capability on a file (e.g. mtr or httpd), it fails to install the RPM.
This is because right now the kernel doesn't allow set_file_cap from within a user namespace:
https://lkml.org/lkml/2016/11/19/158
It's frustrating, as right now the decision is between:
* CentOS 6 & OpenVZ 6 - custom kernel, stable, but, with only 2 years left
* CentOS 7 & OpenVZ 7 - unsupported installation process (vzdeploy), no SIMFS quotas, need to use potentially problematic ploop and custom kernel
* CentOS 7 & LXC - vanilla kernel, long security updates, need to maintain own LXC package (supported until 2021), need to use some sort of LVM for disk quotas
What a pickle!
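An added example, not part of the original post: a small Python 3 scanner that finds files carrying a `security.capability` xattr and decodes it, run on an existing host to see which installed files rely on file capabilities before moving them into an unprivileged container. The function names `decode_file_caps` and `scan_tree` are hypothetical; the constants follow `struct vfs_cap_data` in `linux/capability.h`, and the capability name table is deliberately partial.

```python
import os
import struct

# Values from linux/capability.h (struct vfs_cap_data, little-endian on disk).
REVISIONS = {0x01000000: 1, 0x02000000: 2, 0x03000000: 3}
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
CAP_NAMES = {0: "cap_chown", 1: "cap_dac_override", 6: "cap_setgid",
             7: "cap_setuid", 10: "cap_net_bind_service",
             12: "cap_net_admin", 13: "cap_net_raw", 21: "cap_sys_admin"}


def _names(mask):
    # Bits without an entry in the partial table are reported by number.
    return [CAP_NAMES.get(b, "cap_%d" % b) for b in range(64) if mask >> b & 1]


def decode_file_caps(blob):
    """Decode the raw value of a security.capability xattr."""
    if len(blob) < 4:
        raise ValueError("truncated capability xattr")
    (magic,) = struct.unpack_from("<I", blob, 0)
    rev = REVISIONS.get(magic & 0xFF000000)
    if rev is None:
        raise ValueError("unknown revision in 0x%08x" % magic)
    words = 1 if rev == 1 else 2            # v1: 32 cap bits, v2/v3: 64
    if len(blob) < 4 + 8 * words + (4 if rev == 3 else 0):
        raise ValueError("truncated capability xattr")
    permitted = inheritable = 0
    for i in range(words):
        p, inh = struct.unpack_from("<II", blob, 4 + 8 * i)
        permitted |= p << (32 * i)
        inheritable |= inh << (32 * i)
    return {"revision": rev,
            "effective": bool(magic & VFS_CAP_FLAGS_EFFECTIVE),
            "permitted": _names(permitted),
            "inheritable": _names(inheritable)}


def scan_tree(root):
    """Map each file under root that has file capabilities to its decoding."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                raw = os.getxattr(path, "security.capability", follow_symlinks=False)
                found[path] = decode_file_caps(raw)
            except (OSError, ValueError):
                continue                    # no xattr, unreadable, or malformed
    return found
```

Calling `scan_tree("/usr")` on the source system lists the binaries whose packages need a file capability set at install time.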