I would just like to point out that LXC offers zero isolation of tasks. UID/GID mapping isn't done, thus a root user in an LXC container has all the power of root on the host, among many other things. LXC is glorified resource control with a few minor isolation features (syslog in 2.6.38 and POSIX caps, I think, and current namespacing in Linux) right now and nowhere near reliable as a real isolation environment.
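One way to check the UID-mapping point raised in the comment above, as an added example that is not part of the original thread: it parses the three-column `/proc/<pid>/uid_map` format and reports whether UID 0 inside a namespace is also UID 0 outside it. It assumes a kernel with user namespace support that exposes that file; the function names and the two sample maps are constructed for illustration.

```python
from typing import List, NamedTuple, Optional


class Extent(NamedTuple):
    inside: int   # first ID as seen inside the namespace
    outside: int  # first ID it maps to outside the namespace
    count: int    # number of consecutive IDs in this range


def parse_id_map(text: str) -> List[Extent]:
    """Parse uid_map/gid_map content: one 'inside outside count' triple per line."""
    extents = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed id map line: {line!r}")
        extents.append(Extent(*(int(f) for f in fields)))
    return extents


def outside_id(extents: List[Extent], inside_id: int) -> Optional[int]:
    """Translate an ID inside the namespace; None means the ID is unmapped."""
    for e in extents:
        if e.inside <= inside_id < e.inside + e.count:
            return e.outside + (inside_id - e.inside)
    return None


def root_maps_to_outside_root(map_text: str) -> bool:
    """True when UID 0 in the namespace is UID 0 outside it (no remapping)."""
    return outside_id(parse_id_map(map_text), 0) == 0


# Constructed samples: an identity map (no remapping at all) and a map that
# shifts container IDs 0..65535 onto unprivileged IDs 100000..165535.
IDENTITY_MAP = "         0          0 4294967295\n"
SHIFTED_MAP = "         0     100000      65536\n"

if __name__ == "__main__":
    import sys
    # Run on the host against a container's init PID to see host-side IDs.
    pid = sys.argv[1] if len(sys.argv) > 1 else "self"
    with open(f"/proc/{pid}/uid_map") as fh:
        same = root_maps_to_outside_root(fh.read())
    print(f"pid {pid}: root maps to outside UID 0: {same}")
```
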
The standard setup for compute clusters is that there is an admin ops team that is assumed to be trustworthy and then many untrusted users. Is this a problem for these use cases? I think the untrusted admin is less of an issue for most organizations.