[IPython-dev] Notebook kernels + LXC

Thomas Kluyver takowl at gmail.com
Thu Oct 25 13:18:37 EDT 2012

On 24 October 2012 20:43, Brian Granger <ellisonbg at gmail.com> wrote:
> Think about shell access.  What would you say if I developed a way of
> sharing code, data, programs in the shell that required an LXC
> container.  You would say "that is insane, if you trust a user, give
> them a shell account and use groups and shared directories and if you
> don't, keep them out and share things on the web, public github repos,
> etc."

Well, clearly there are cases where you want a user to be able to run
code without giving them full access to the system. In particular, say
you publish a paper and set up a server where people can repeat your
analysis in a live notebook (something like
http://www.runmycode.org/CompanionSite/ ). Full shell access is a
no-go, it's highly inconvenient to set up unix-level user accounts for
every user, and running separate VMs has substantial overhead.

In a situation like this, I imagine you could spin up a kernel in a
separate LXC container for each user, expose the necessary data files
for the analysis, and direct any file writes into a temporary fs
that's discarded with the kernel. I'm not qualified to technically
evaluate a technology like LXC, but I certainly think there's a use
case for something like that.


More information about the IPython-dev mailing list