Is LXD safe for running untrusted code in multi-tenant environments?


Sorry if this is a newbie question, but I don’t understand if LXD is only suited for running your own code in containers (similar to Docker) or if it can run untrusted (malicious) code in a safe way.

Is it safe to use LXD for running arbitrary code provided by users of a multi-tenant SaaS? For example, if I build a multi-tenant CI / CD service (like Travis, CircleCI, etc.) is LXD a safe choice?

I see that Firecracker explicitly talks about security in multi-tenant environments: is the same security / isolation provided by LXD as well? Or is Firecracker more secure for running third-party / unsafe code on shared servers? Are there any major differences between LXD and Firecracker (e.g. security, performance, etc)?

Thanks in advance!


In computer security, safe and secure are very specific terms. Especially, secure can mean several things.

The way I would tackle these issues, is this:

  1. You have the choice of virtual machines and containers. For both there are several implementations, but the gist is that with virtual machines, the computer has to offer hardware support for virtualization to work. And with virtualization, there hare nice hardware barriers between the VMs and the host. With containers, the barrier is the Linux kernel; the Linux kernel offers security primitives (namespaces, cgroups) that separate process trees from each other.
  2. Things tend to break less if they are smaller in size or have less features. This can be a rule of thumb when you choose between VM implementations and container implementations.
  3. With LXD, you can have instances for both VMs (KVM/qemu) and containers(system containers, LXC style and different from Docker).

Let’s add to the mix the baremetal servers. Twenty years ago there were only (mostly?) baremetal servers, which was cool for physical isolation.

Depending on your budget and assessment of the demands, you would pick and choose between baremetal servers, VMs and containers. You might end up with something like a baremetal server with 6 VMs (LXD), and in three of the VMs you would have LXD system containers.

Having said all that, Firecracker is not immediately comparable to LXD VM. As I understand, Firecracker compares to Docker (application containers) and just cannot run a Linux distribution.

Thanks for the explanation!

However from a practical point of view I don’t understand this:

  • are LXD system containers secure for running untrusted code?
  • are LXD VM secure for running untrusted code?

i.e. with the word “practical”, I mean, would you build AWS Lambda, CircleCI, TraviCI, etc. on top of that? Do they grant enough security in a multi-tenant environment?

For example:

  • I know that KVM is perfectly secure for that use cases (think to DO droplets, EC2, etc) and that Firecracker is perfectly secure for that (think to AWS Lambda)…
  • Docker is not 100% secure because is not made for that (there are various discussion on Security Stackexchange)
  • And what about LXD (VM and system containers)?

LXD uses KVM via qemu for its VMs and for containers it uses the same kernel features (I.e cgroups and namespaces) as docker. LXD by default runs VMs and containers unprivileged meaning should a process running as root inside an instance escape to the host it will not have general root access to the host.

LXD also offers the ability to run each container using a separate UID range so that an escape to the host won’t be able to access processes in other containers.

For more info see

1 Like