Linux Container

From Proxmox VE
Jump to: navigation, search

Security

LXC Containers use an AppArmor profile to provide ressource isolation in the container. This works by blocking system calls like 'mount' who are denied being executed in the container. You can trace the AppArmor activity with:

dmesg | grep apparmor 

If you want to disable AppArmor for a container, you can add the stanza

lxc.aa_profile = unconfined 

at the end of the configuration file ( located in /etc/pve/lxc/CTID.conf ) Note that this is not a recommended setup for production.


Migrate container from OpenVZ to Linux container

Follow this howto:

References