On 25.01.2021 22:24, Scott Dowdle wrote:
>> I found only two possible free/open source alternatives for OpenVZ 6:
>> - LXC
>> - systemd-nspawn
>
> Some you seem to have overlooked?!?
> - OpenVZ 7
> - LXD from Canonical that is part of Ubuntu
> - podman containers with systemd installed (set /sbin/init as the entry point)

OpenVZ 7 has no updates, and therefore is not suitable for production.
LXC/LXD is the same technology, as I understand from linuxcontainers.org
podman can't be a replacement for OpenVZ 6 / systemd-nspawn because it destroys the root filesystem on container stop, and all changes made in container configs and other container files will be lost. This is a nightmare for a website hosting server with containers.
systemd-nspawn probably is the best fit for my tasks. But systemd-nspawn also has some major disadvantages in the current RHEL-stable and RHEL-beta versions:
https://bugzilla.redhat.com/show_bug.cgi?id=1913734
https://bugzilla.redhat.com/show_bug.cgi?id=1913806

Answering your previous question:

> in the reproduction steps, disabling SELinux is a step?

SELinux must be disabled, because if SELinux is enabled, it prevents systemd-nspawn containers from starting.
SELinux permissive mode is useless because it consumes more resources compared to completely disabled SELinux.