{"author":"hsin003","children":[{"author":"hsin003","children":[],"created_at":"2026-01-10T14:42:02.000Z","created_at_i":1768056122,"id":46566101,"options":[],"parent_id":46566100,"points":null,"story_id":46566100,"text":"Hi HN,<p>We\u2019ve been experimenting with an alternative to the \u201cone VM per developer\u201d model\nfor SSH-based development environments.<p>The project is called Containarium:\n<a href=\"https:&#x2F;&#x2F;github.com&#x2F;FootprintAI&#x2F;Containarium\" rel=\"nofollow\">https:&#x2F;&#x2F;github.com&#x2F;FootprintAI&#x2F;Containarium</a><p>The idea is simple:\n- One cloud VM\n- Many unprivileged LXC system containers\n- Each user gets their own isolated Linux environment via SSH (ProxyJump)\n- Persistent storage survives VM restarts<p>This is NOT Kubernetes, Docker app containers, or a web IDE.\nEach container behaves like a lightweight VM (full OS, users, SSH access).<p>Why we built it:\nWe kept seeing teams pay for dozens of mostly-idle VMs just to give people\na place to SSH into. Using LXC, we can host tens or hundreds of environments\non a single VM and cut infra costs significantly.<p>What we\u2019re looking for:\n- Feedback from people who\u2019ve run multi-tenant Linux systems at scale\n- Security concerns we might be underestimating\n- Where this approach breaks down in real-world usage\n- Alternatives we should be considering (LXD, Proxmox, something else?)<p>Tradeoffs we\u2019re aware of:\n- Shared kernel (not VM-level isolation)\n- Not suitable for untrusted workloads\n- Linux-only\n- Requires infra discipline (limits, monitoring, backups)<p>This is early-stage and open source. 
APIs and workflows will evolve.<p>We\u2019re not trying to \u201creplace Kubernetes\u201d \u2014 just trying to do one thing well:\ncheap, fast, SSH-based dev environments.<p>Would love blunt feedback from folks who\u2019ve been down this road before.","title":null,"type":"comment","url":null},{"author":"Weryj","children":[{"author":"hsin003","children":[{"author":"Weryj","children":[],"created_at":"2026-01-10T17:44:39.000Z","created_at_i":1768067079,"id":46567987,"options":[],"parent_id":46566479,"points":null,"story_id":46566100,"text":"My setup is quite purpose built. I use Orleans as the main fabric of our codebase. But since the Orleans cluster is a &#x27;virtual computer&#x27; in a sense, you can&#x27;t rely on anything outside the runtime, since you don&#x27;t know which machine your code is executing on.<p>So a Grain calls Proxmox with a generated SSH Key &#x2F; CloudInit, then persists that to state, then deploys an Orleans client which connects to the cluster for any client side C# execution. There&#x27;s lots you could do for isolated networks with the LXC setup, but my uses didn&#x27;t require it.<p>Proxmox handles the horizontal scaling of the hardware.\nOrleans handles the horizontal scaling of the codebase.","title":null,"type":"comment","url":null}],"created_at":"2026-01-10T15:27:45.000Z","created_at_i":1768058865,"id":46566479,"options":[],"parent_id":46566430,"points":null,"story_id":46566100,"text":"That\u2019s awesome \u2014 thanks for sharing!<p>If you don\u2019t mind me asking:<p>- Did you use LXC containers, or full VMs for each sandbox?  \n- How did you handle SSH &#x2F; network isolation?  \n- Any tips on making provisioning faster or keeping resources efficient?<p>We\u2019re using unprivileged LXC + SSH jump hosts on a single VM for cost efficiency.  
\nI\u2019d love to hear what tradeoffs you found using the Proxmox API.","title":null,"type":"comment","url":null}],"created_at":"2026-01-10T15:22:35.000Z","created_at_i":1768058555,"id":46566430,"options":[],"parent_id":46566100,"points":null,"story_id":46566100,"text":"I did the exact same thing for my own sandboxing. Through the Proxmox API","title":null,"type":"comment","url":null},{"author":"k_bx","children":[{"author":"hsin003","children":[{"author":"k_bx","children":[{"author":"rvz","children":[{"author":"hsin003","children":[],"created_at":"2026-01-10T15:51:59.000Z","created_at_i":1768060319,"id":46566696,"options":[],"parent_id":46566639,"points":null,"story_id":46566100,"text":"Containarium does indeed build on LXC&#x2F;Incus and isn\u2019t trying to reinvent the wheel. If you\u2019ve run multi-tenant sandboxes at scale, we\u2019d love to hear what pitfalls or limitations you\u2019ve seen.","title":null,"type":"comment","url":null}],"created_at":"2026-01-10T15:44:37.000Z","created_at_i":1768059877,"id":46566639,"options":[],"parent_id":46566591,"points":null,"story_id":46566100,"text":"That&#x27;s because it is, just like how this entire project is.<p>In fact, it is just using the same technologies as LXC and Incus. (It is exactly LXC and Incus)<p>So really nothing special at all. 
Perhaps people looked at the title and rushed to the repo.<p>When I saw &quot;IMPLEMENTATION-PLAN.md&quot; and &quot;SECURITY-CHECKLIST.md&quot; filled with hundreds of emojis, I immediately closed the tab and now replying to you that it is total slop.<p>2026 is the year of abundant &quot;not invented here syndrome&quot;.","title":null,"type":"comment","url":null},{"author":"hsin003","children":[{"author":"k_bx","children":[{"author":"fc417fc802","children":[{"author":"k_bx","children":[{"author":"fc417fc802","children":[],"created_at":"2026-01-10T23:07:09.000Z","created_at_i":1768086429,"id":46570876,"options":[],"parent_id":46567168,"points":null,"story_id":46566100,"text":"I understand that. I&#x27;m saying that wrapping all the dev containers up inside a single VM serves to further protect the host system from the dev containers.","title":null,"type":"comment","url":null}],"created_at":"2026-01-10T16:39:38.000Z","created_at_i":1768063178,"id":46567168,"options":[],"parent_id":46567064,"points":null,"story_id":46566100,"text":"We&#x27;re not talking VM vs containers. We&#x27;re talking VM vs no VM at all in base system.","title":null,"type":"comment","url":null}],"created_at":"2026-01-10T16:29:33.000Z","created_at_i":1768062573,"id":46567064,"options":[],"parent_id":46566820,"points":null,"story_id":46566100,"text":"A VM is more robust as a security boundary than a container is. Still not as good as independent physical hardware but certainly worthwhile.","title":null,"type":"comment","url":null}],"created_at":"2026-01-10T16:05:17.000Z","created_at_i":1768061117,"id":46566820,"options":[],"parent_id":46566654,"points":null,"story_id":46566100,"text":"Why would I need a VM? I just install Proxmox on a computer&#x2F;server and then create as many containers as I need. No VMs at all. 
VM is a waste.","title":null,"type":"comment","url":null}],"created_at":"2026-01-10T15:46:28.000Z","created_at_i":1768059988,"id":46566654,"options":[],"parent_id":46566591,"points":null,"story_id":46566100,"text":"Sorry, we want to understand your use case better. Did you provision *one VM via Proxmox* and then run *multiple users via Incus* inside it?<p>We\u2019re curious how you handled provisioning, isolation, and resource limits in your setup. More importantly, what\u2019s the maximum scale you\u2019ve been able to push?","title":null,"type":"comment","url":null}],"created_at":"2026-01-10T15:39:40.000Z","created_at_i":1768059580,"id":46566591,"options":[],"parent_id":46566553,"points":null,"story_id":46566100,"text":"This reads like an AI-generated reply. It repeats the points which are already present in Incus&#x2F;Proxmox and doesn&#x27;t directly address the question.","title":null,"type":"comment","url":null}],"created_at":"2026-01-10T15:34:52.000Z","created_at_i":1768059292,"id":46566553,"options":[],"parent_id":46566505,"points":null,"story_id":46566100,"text":"Thanks for sharing! 
We\u2019re definitely aware that Incus + Proxmox are very mature and full-featured.<p>Containarium is more of a &quot;purpose-built, single-VM, SSH-first dev environment&quot; approach:<p>- Lightweight: 1 VM can host 50\u2013100+ LXC containers\n- Quick provisioning: seconds instead of minutes per environment\n- Focused on SSH workflows and dev sandboxing, not full datacenter management\n- Minimal infra overhead: no GUI, no HA cluster required<p>Tradeoffs we\u2019re aware of: \n- Shared kernel (not VM-level isolation)\n- Linux-only\n- Less built-in tooling compared to Proxmox<p>We designed it to *optimize for cost efficiency and rapid dev onboarding*, rather than full-featured virtualization.<p>Would love to hear if you see any pitfalls with this approach compared to using Proxmox&#x2F;Incus in a single-host scenario!","title":null,"type":"comment","url":null}],"created_at":"2026-01-10T15:30:09.000Z","created_at_i":1768059009,"id":46566505,"options":[],"parent_id":46566100,"points":null,"story_id":46566100,"text":"I use Incus and Proxmox for this, more mature and have quite a bit built around them. What does Containarium bring to the table compared to them?","title":null,"type":"comment","url":null},{"author":"BobbyTables2","children":[{"author":"hsin003","children":[],"created_at":"2026-01-10T16:52:14.000Z","created_at_i":1768063934,"id":46567341,"options":[],"parent_id":46566742,"points":null,"story_id":46566100,"text":"Good questions \u2014 yes, Containarium relies heavily on *user namespaces*. 
Here\u2019s how it works:<p>- We enable `security.nesting=true` on unprivileged LXC containers, so Docker can run inside (rootless).<p>- *User namespace isolation* ensures that even if a user is \u201croot\u201d inside the container, they are mapped to an unprivileged UID on the host (e.g., UID 100000), preventing access to host files or devices.<p>This setup allows developers to run Docker and do almost anything inside their sandbox, while keeping the host safe.","title":null,"type":"comment","url":null}],"created_at":"2026-01-10T15:56:28.000Z","created_at_i":1768060588,"id":46566742,"options":[],"parent_id":46566100,"points":null,"story_id":46566100,"text":"How does one run Docker inside an unprivileged LXC container?<p>If a developer can run Docker inside this, what stops them from mounting volumes from the host or changing namespaces?<p>Is this relying on user namespaces?","title":null,"type":"comment","url":null}],"created_at":"2026-01-10T14:42:02.000Z","created_at_i":1768056122,"id":46566100,"options":[],"parent_id":null,"points":16,"story_id":46566100,"text":null,"title":"Show HN: Hosting 100 Linux dev environments on one VM using LXC","type":"story","url":"https://github.com/FootprintAI/Containarium"}
