production ready doesn't mean much tho. you can use anything you like for prod. it doesn't make it better or worse.
a ton of things that are considered "production ready" today are crippled with bugs, design flaws, etc.
The major issue of linux namespaces (or containers or "lxc" if you will) is that they're generally used as a security feature and haven't not been designed primarily as a security feature.
(it wouldn't have entered the kernel if it had been designed as such anyways)
vm's provide a better level of isolation so far, even thus they're not perfect either.
and for what it's worth, freebsd for example (among some others) provide a similar namespacing that is much better security wise. also openvz, vservers are doing similar things.
Oh and rsbac's jail too. (it might be the "strongest" of the list)
production ready doesn't mean much tho. you can use anything you like for prod. it doesn't make it better or worse.
a ton of things that are considered "production ready" today are crippled with bugs, design flaws, etc.
The major issue of linux namespaces (or containers or "lxc" if you will) is that they're generally used as a security feature and haven't not been designed primarily as a security feature. (it wouldn't have entered the kernel if it had been designed as such anyways) vm's provide a better level of isolation so far, even thus they're not perfect either.
and for what it's worth, freebsd for example (among some others) provide a similar namespacing that is much better security wise. also openvz, vservers are doing similar things. Oh and rsbac's jail too. (it might be the "strongest" of the list)