dotCloud engineer here. LXC lets you use cgroups, i.e. setup memory/cpu/IO limit... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		jpetazzo on March 20, 2013 \| parent \| context \| favorite \| on: Docker - the Linux container runtime dotCloud engineer here. LXC lets you use cgroups, i.e. setup memory/cpu/IO limits per container. If you setup MySQL with more than database, you can't do that. Also, we DO use LXC and SUPPLEMENT it by something providing security such as GRSEC (in the current version in production at dotCloud) and AppArmor (with docker) :-)

zobzu on March 20, 2013 [–]

you can actually use cgroups without lxc, btw.

if you do use apparmor and grsec (as in RBAC's part of grsec in particular) it's probably acceptable, but I haven't seen it mentioned on the website - and people figure, they'll just use lxc "and be safe".

Consider applying for YC's Summer 2026 batch! Applications are open till May 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact