Proxmox LXC Container

Meseira

New Member
Jul 22, 2020
2
0
1
42
Hi,
I'm trying to understand what Proxmox brings in addition to the configuration of a LXC container. As I understand it, the main difference with a basic LXC container is in the three hooks installed in /usr/share/lxc/hooks/.

Code:
/usr/share/lxc/hooks/lxc-pve-autodev-hook
/usr/share/lxc/hooks/lxc-pve-poststop-hook
/usr/share/lxc/hooks/lxc-pve-prestart-hook

These scripts all seem to me to be related to the way Proxmox integrates the containers into its environment. Am I missing something? Does Proxmox add a more secure configuration than a basic unprivileged LXC container? In particular for the management of namespaces and cgroups?

Thanks for your help!
 
hi,

for a thorough explanation you can see here[0]

but basically:
* gui integration
* premade templates
* setup and management wrappers (pct)
* integration with PVE storage library
* backup/restore

and more features.

in terms of security, we utilize apparmor profiles and seccomp policies (also unprivileged containers by default)

most of the configuration will be done in /etc/pve/lxc/CTID.conf (instead of the regular lxc config locations)

[0]: https://pve.proxmox.com/wiki/Linux_Container
 
Hi oguz,

thank you for your answer. As I understood it, these three hooks are mainly about integration. I think the use of apparmor and seccomp mainly answers my question, I will look more precisely at how it is used in Proxmox.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!