App-LXC-Container
view release on metacpan or search on metacpan
Snap / Flatpak packages may come from a source providing faster and/or more
recent versions of at least their main programs.
- +
For Snap / Flatpak you must either trust that the provider of that package
takes care of installing all security updates of all packages used within it
or check those versions yourself against those of the used distribution.
- +
Snap / Flatpak packages need additional disk space for the packages and
additional main memory as nothing is shared with the main system (usually
less than Docker containers).
## compared to virtual machines
- -
Virtual machines allow running different versions of applications, different
Linux distributions and even other operating systems.
- -
Like Docker containers virtual machines are also much better for scalable
server applications.
- -
Virtual machines are completely separated (except for low-level hardware
attacks like Heartbleed etc.) and more secure than any type of container.
- +
The images for virtual machines need a lot more disk space and main memory
as nothing is shared with the main system (even more than Docker
containers).
- +
Virtual machines must be updated separately from the main system.
- +
Starting an application inside of a virtual machine is slower than starting
an application container.
_Additional advantages/disadvantages are welcome._
# BEST PRACTICES
Especially external packages often haven't all their real dependencies
configured. For those it is often necessary to manually add some packages
and bind mount points like the following:
## additional packages
Note that the examples are from Debian.
- fontconfig-config (select `/usr/share/fontconfig`)
- locales (select `/usr/share/locale/locale.alias`)
## additional bind mounts
Note that again the examples are from Debian.
- `/usr/share/fonts`
# KNOWN BUGS
Currently the package only supports Debian based distributions. If you're
using something different please get in touch to extend the support. (The
framework is already there, but the specific commands are missing, and
that's where I need some help.) Everything derived from Debian should be
easy to add. For RPM based distributions I've also already some ideas.
Also only X11 graphic and pulseaudio/pipewire sound has been tested so far.
Wayland probably works as well but other sound systems most surely not.
(Again, some help would be appreciated.)
Non-standard user configuration (not using `/etc/passwd`, `/etc/group`
etc. or not using `/home` as location for normal users) are currently not
supported.
It is not properly checked that LXC and LXCFS are really installed. If not,
this will produce some other errors.
Currently recommended or suggested packages are ignored while following the
dependencies. This will be fixed (and configurable) in a later version.
Some other not yet supported configurations may cause fatal error messages
as well.
If the container needs to use `su` to switch user inside of it, root
(currently?) can not have a mapped user ID. See
[App::LXC::Container::Run](https://metacpan.org/pod/root%20access)
Files or symbolic links created by post-install activities are currently not
automatically included. This may cause strange errors until they are
manually added to a configuration. One most prominent example are the links
in `/etc/alternatives`.
Dependencies within multiple architectures are sometimes wrong,
e.g. `wine32` would install the 64 bit `libwine` instead of the correct 32
bit version. The workaround is manually adding the correct package.
# MAIN FUNCTIONS
The module defines the following main functions for the scripts
`lxc-app-setup` and `lxc-app-update`:
## **setup** - setup meta-configuration
App::LXC::Container::setup($container);
### parameters:
$container name of the container to be configured
### description:
This is the actual code for the wrapper script `lxc-app-setup`.
## **update** - update LXC configuration
App::LXC::Container::update(@containers);
( run in 0.544 second using v1.01-cache-2.11-cpan-5735350b133 )