In my case, I’m not a fan of running unknown code on the host. Docker and LXC are ways of running a process in a virtual security sandbox. If the process escapes the sandbox, they’re in your host.
If they escape inside a VM, that’s another layer they have to penetrate to get to the host.
It’s not perfect by any stretch of the imagination, but it’s better than a hole in the head.
I unironically do this in Proxmox. Keeps things nice and separate and I still have plenty of RAM left.
Any reason for not using LXC as PX has native support?
I do use LXC but those are still pretty much a virtual machine.
Fair point.