Super easy, as using the custom "profile" meant I really had to do nothing other than the single cmd to create the LXD container, which took 15-20 seconds to create.
Simos
I just tried this on Ubuntu 18.04 and it worked great!!
Started Firefox in an LXD container created w/ your customized "profile", went to YouTube and was playing music videos great... All from the LXD container.
I've had up to 512 LXC nested containers running quagga for bgp & ospf to simulate "the internet". My machine is an i7 laptop and this used less than 8-10 gigs of RAM to run.
fyi the github of "The Internet" setup was from the 2014 NSEC conference where they used it so the participants had a large internet routing simulation available to test security.
LXC (www.linuxcontainers.org) supports AppArmor, SELinux, Seccomp and what’s probably the only way of making a container actually safe, user namespaces. LXC has supported user namespaces since the LXC 1.0 release in 2014.
You can create either privileged or unprivileged LXC containers. Creating unprivileged containers only requires a very simple configuration that takes 60 seconds to do.
Also, note that with LXD/LXC the "default" container is now unprivileged. Also with LXD/LXC the LXC command syntax is now simplified even more than it was with traditional LXC but with the added power of being able to orchestrate and manage LXC containers either remotely or locally.
I agree, let's be careful about stating better performance unless you can post some stats. It may be true but I'm an engineer and like to see why 1 vs the other.
Guacamole is either going to use VNC or RDP protocols. Both are relatively known quantities.
I have used Guacamole on Ubuntu 14.04 desktop servers to provide HTML5 access to LXC (linux container based) Ubuntu remote desktops.
That requires some configuration w/x11rdp and xfreerdp etc but there is a freakin great toolset with the odd name of "ScaryGliders" http://scarygliders.net/2012/05/23/the-scarygliders-x11rdp-o...
that has the build down to an art. They GIT the latest code, do the required build and then install for you on your system. After that you just install Guacamole server side and you are done.
One future for LXC is with ARM based servers such as Calxeda. Approx 800 core with gigabit Ethernet fabric & I/O. And sata built-in for each core. About size of a Cisco catalyst 5000 box but less than 1000 watts.
Runs ubuntu or Red Hat and uses LXC for virtualization.
Last I saw it was <$100k
Biggest reason I still have for VM is when you need to virtualize a non-Linux OS (Windows etc). Other than that LXC now does just about anything a VM can do. Live migrate between machines, nested containers, remote desktops (freerdp, x2go). Understanding start control cgroup gives you is important. For a great GUI mgmt tool for LXC look at LXC Web Panel!