Michal Čihař - Looking for VServer alternative

Looking for VServer alternative

It seems like VServer is not something for the long run because it does not seem to want to be upstream, and there is also no good future for having it as a patch in Debian in the long run. So I should look for alternatives and probably migrate to some other solution while upgrading my server to Squeeze (once it is released or really close to the release).

There are various options, starting with OpenVZ, through Linux Containers (LXC), up to full virtualization (probably KVM based). With OpenVZ the situation won't be much better, so it is not a real option. For various reasons I don't want to go to full virtualization; I simply think containers are good enough and avoid too much overhead in some situations.

So the only remaining solution seems to be LXC. There even seem to be some people who managed to migrate from VServer, which is good and will definitely be helpful. Now it's time to play with LXC a bit before I try to implement it for real.


wrote on Nov. 11, 2010, 4:23 p.m.

Do note that LXC has a lot of shortcomings for many things; sysctls aren't isolated, loop devices aren't isolated, and so on and so forth. You can very easily mess stuff up in the host by having access to one single guest.

So it's fine if you just wish to run software in a slightly more secure manner, but it's nothing useful if you want real security, providing (virtual) root to untrusted people.

wrote on Nov. 11, 2010, 4:31 p.m.

Well, for me it's more about having a separate environment for some independent things (like mail server, web server, jabber, etc.). I definitely have no plans to give root access to untrusted people (anyway, it is more or less the same as with VServer).

But thanks for the comment.

wrote on Nov. 11, 2010, 4:32 p.m.

Just out of curiosity, why is the situation with OpenVZ the same?


wrote on Nov. 11, 2010, 4:39 p.m.

OpenVZ also does not look like something that will be in mainline soon. It is in much better shape than VServer now (AFAIK OpenVZ is more active in Debian), but not having it in mainline is still risky.