| 1 |
On Mon, Jan 18, 2016 at 9:45 PM, Alec Ten Harmsel |
| 2 |
<alec@××××××××××××××.com> wrote: |
| 3 |
> |
| 4 |
> All Joost is saying is that most resources can be overcommitted, since |
| 5 |
> all the users will not be using all their resources at the same time. |
| 6 |
> |
| 7 |
|
| 8 |
Don't want to sound like a broken record, but this is precisely why |
| 9 |
containers are so attractive. You can set hard limits wherever you |
| 10 |
want, but otherwise absolutely everything can be |
| 11 |
over-comitted/shared/etc to the degree you desire. They're just |
| 12 |
processes and namespaces and cgroups and so on. You just have to be |
| 13 |
willing to live with whatever kernel is running on the host. Of |
| 14 |
course, it isn't a solution for Windows, and there aren't any mature |
| 15 |
VDI-oriented solutions I'm aware of. However, running as non-root in |
| 16 |
a container should be very secure so there is no reason it couldn't be |
| 17 |
done. I just spun up a new container yesterday to test out burp |
| 18 |
(alas, ago beat me to the stablereq) and the server container is using |
| 19 |
all of 54M total / 3M RSS (some of that because I like to run sshd and |
| 20 |
so on inside). I can afford to run a LOT of those. |
| 21 |
|
| 22 |
-- |
| 23 |
Rich |
Archives