systemd

This article describes how to setup a headless machine that contains encrypted partitions where the administrator can log in via SSH after boot, enter the decryption password and then continue to start the remaining services. It assumes Debian Jessie and systemd as the init system.

As a followup to the article about running Jessie LXCs without CAP_SYS_ADMIN, this article describes how to run Jessie LXCs under Wheezy.

Containers can be an alternative to virtualization in some cases. They require less resources (because the host's resources are reused) and are typically faster than virtual machines. Also, some things cannot be done as easily with virtualization. However, they do not provide the same security guarantees.

A solution for using bind mounts with options (such as read-only) in /etc/fstab on systemd systems is presented. By installing an additional systemd generator, bind-mounts in /etc/fstab will now respect additional options specified there. This is fully dynamic and the only configuration happens in /etc/fstab.