Proxmox LXC Container

Meseira

Jul 22, 2020
Hi,
I'm trying to understand what Proxmox brings in addition to the configuration of an LXC container. As I understand it, the main difference with a basic LXC container is in the three hooks installed in /usr/share/lxc/hooks/.

Code:
/usr/share/lxc/hooks/lxc-pve-autodev-hook
/usr/share/lxc/hooks/lxc-pve-poststop-hook
/usr/share/lxc/hooks/lxc-pve-prestart-hook

These scripts all seem to me to be related to the way Proxmox integrates the containers into its environment. Am I missing something? Does Proxmox add a more secure configuration than a basic unprivileged LXC container? In particular for the management of namespaces and cgroups?

Thanks for your help!
 
hi,

for a thorough explanation you can see here[0]

but basically:
* gui integration
* premade templates
* setup and management wrappers (pct)
* integration with PVE storage library
* backup/restore

and more features.

in terms of security, we utilize apparmor profiles and seccomp policies (also unprivileged containers by default)

most of the configuration will be done in /etc/pve/lxc/CTID.conf (instead of the regular lxc config locations)

[0]: https://pve.proxmox.com/wiki/Linux_Container
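
One way to check a container's config for the isolation settings named in the answer above (unprivileged mode, AppArmor, seccomp). This is an added example, not part of the original thread and not Proxmox's own tooling. It assumes unprivileged containers carry `unprivileged: 1`, that raw `lxc.*` keys may use `:` or `=`, and that snapshot sections start with `[name]`; the sample config is constructed.

```shell
#!/bin/sh
# Added example: audit one Proxmox CT config file for weakened isolation.
# Usage on a PVE host (CTID is a placeholder): audit_ct_conf /etc/pve/lxc/CTID.conf

audit_ct_conf() {
    awk '
        /^\[/ { exit }                      # snapshot sections follow: ignore them
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip description/comment and blank lines
        {
            sep = match($0, /[:=]/)         # first ":" or "=" splits key from value
            if (!sep) next
            key = substr($0, 1, sep - 1)
            val = substr($0, sep + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "unprivileged" && val == "1")
                unpriv = 1
            if (key == "lxc.apparmor.profile" && val == "unconfined")
                print "FINDING apparmor unconfined"
            if (key == "lxc.seccomp.profile")
                print "FINDING seccomp profile overridden: " val
        }
        # exit in a main rule still runs END, so this check always fires
        END { if (!unpriv) print "FINDING privileged container (no unprivileged: 1)" }
    ' "$1"
}

# Constructed sample config (not taken from a real host). The only
# "unprivileged: 1" sits in a snapshot section, so it must not count.
sample=$(mktemp)
cat > "$sample" <<'EOF'
arch: amd64
hostname: demo
lxc.apparmor.profile: unconfined
[snap1]
unprivileged: 1
EOF
audit_ct_conf "$sample"
rm -f "$sample"
```

No output means none of the three conditions was found in the live section of the config.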
 
Hi oguz,

thank you for your answer. As I understood it, these three hooks are mainly about integration. I think the use of apparmor and seccomp mainly answers my question, I will look more precisely at how it is used in Proxmox.