On Sat, Mar 1, 2014 at 10:28 AM, Kashyap Chamarthy <kchamart@xxxxxxxxxx> wrote:
> On Fri, Feb 28, 2014 at 02:56:52PM +0100, drago01 wrote:
>> On Fri, Feb 28, 2014 at 2:43 PM, Stephen Gallagher <sgallagh@xxxxxxxxxx> wrote:
>
> [. . .]
>
>> SELinux working with it now.
>> <mclasen> dargo01: I think that statement may be evolving ?
>> <sgallagh> And Docker is moving to systemd-nspawn and away from lxc
>> <mclasen> but certainly valuable to raise the question on the list,
>> and see if lennart, dan or dan want to chime in
>> <drago01> sgallagh: "Note that even though these security precautions
>> are taken systemd-nspawn is not suitable for secure container setups.
>> Many of the security features may be circumvented and are hence
>> primarily useful to avoid accidental changes to the host system from
>> the container. The intended use of this program is debugging and
>> testing as well as building of packages, distributions and software
>> involved with boot and systems mana
>> <drago01> gement." [1]
>
> Just to note - recently I did a test to compile libguestfs in a
> `systemd-nspawn` container. Details here[1]
>
> A single `make` job timing to compile everything on a systemd-nspawn:
>
>     real 31m9.792s
>     user 17m18.359s
>     sys 13m17.868s
>
> For comparison, on the _host_, the same single `make` job timing:
>
>     real 13m41.440s
>     user 13m5.816s
>     sys 1m9.911s

How did you run those tests? In which order? Did you reboot in between
or at least clear the caches?

--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct