Historically Nova has had a bunch of code which mounted images on the host OS using qemu-nbd before passing them to libvirt to setup the LXC container. Since 1.0.6, libvirt is able todo this itself and it would simplify the codepaths in Nova if we can rely on that In general, without use of user namespaces, LXC can't really be considered secure in OpenStack, and this already requires libvirt version 1.1.1 and Nova Juno release. As such I'd be surprised if anyone is running OpenStack with libvirt & LXC in production on libvirt < 1.1.1 as it would be pretty insecure, but stranger things have happened. The general libvirt min requirement for LXC, QEMU and KVM currently is 0.9.11. We're *not* proposing to change the QEMU/KVM min libvirt, but feel it is worth increasing the LXC min libvirt to 1.0.6 So would anyone object if we increased min libvirt to 1.0.6 when running the LXC driver ? Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|