On Mon, Jan 18, 2016 at 9:45 PM, Alec Ten Harmsel
<alec@××××××××××××××.com> wrote:
>
> All Joost is saying is that most resources can be overcommitted, since
> all the users will not be using all their resources at the same time.
>

Don't want to sound like a broken record, but this is precisely why
containers are so attractive. You can set hard limits wherever you
want, but otherwise absolutely everything can be
over-committed/shared/etc to the degree you desire. They're just
processes and namespaces and cgroups and so on. You just have to be
willing to live with whatever kernel is running on the host. Of
course, it isn't a solution for Windows, and there aren't any mature
VDI-oriented solutions I'm aware of. However, running as non-root in
a container should be very secure so there is no reason it couldn't be
done. I just spun up a new container yesterday to test out burp
(alas, ago beat me to the stablereq) and the server container is using
all of 54M total / 3M RSS (some of that because I like to run sshd and
so on inside). I can afford to run a LOT of those.

--
Rich