Tags: linux-kernel, cloud, virtualization, lxc

Can LXC be secure enough for IaaS?


I found in the Debian Handbook some isolation limits about LXC.

Those limits are about:

  • Memory isolation
  • Shared filesystems
  • Kernel messages
  • Kernel compromise possibilities

For memory isolation and filesystems, it does not seem to be a problem because it's possible to configure containers to isolate them. But is there a way to secure the kernel enough to ensure an untrusted user can't compromise the kernel and can't read kernel messages?

If it's possible, is this restricted user access constraining for an IaaS? Or isn't it better to use real virtualization or para-virtualization to offer IaaS solutions?


Solution

  • All the Linux containers still run under one kernel. If said kernel is compromised, and since that kernel is running in the most privileged hardware mode (ring 0 on x86), it can affect every container running. With traditional hardware virtualization, even if one guest kernel is compromised, the hypervisor basically exists in another ring of protection (again x86 terminology) to isolate virtual guests. Of course it is possible to compromise the hypervisor assuming there is an error in its implementation, but compromising a virtual machine will not directly affect the other guests.

    Also, a compromised guest could indirectly affect the other guests via the (virtualized) network, i.e. by sending malicious messages, but that is analogous to one machine in a network being compromised and doing the same to another machine, without virtualization. Furthermore, a compromised guest could start to affect the performance of the other machines via micro-architectural elements, e.g. thrashing the cache, or use said micro-architectural elements as a side-channel attack to glean some information about the other virtual machine.
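As an added example (not part of the question or the answer above), here is a small audit of an LXC container config for the points the question raises: a memory limit, dropped capabilities (including CAP_SYSLOG, which gates dmesg reads once the host sets kernel.dmesg_restrict=1), read-only bind mounts of host paths, and a user-namespace id map. The key names are LXC 1.x/2.x ones; both configs are constructed for the example, and the check list is my own choice, not an LXC or Debian Handbook recommendation.

```python
# Constructed sample configs (LXC 1.x/2.x key names); not taken from any real host.
WEAK_CONFIG = """\
lxc.rootfs = /var/lib/lxc/web1/rootfs
lxc.cap.drop = mac_admin mac_override
lxc.mount.entry = /home /var/lib/lxc/web1/rootfs/home none bind 0 0
"""
HARDENED_CONFIG = """\
lxc.rootfs = /var/lib/lxc/web1/rootfs
lxc.cgroup.memory.limit_in_bytes = 1G
lxc.cap.drop = mac_admin mac_override sys_module sys_rawio sys_time
lxc.cap.drop = syslog
lxc.mount.entry = /srv/web1/data /var/lib/lxc/web1/rootfs/data none bind,ro 0 0
lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536
"""

# Capabilities chosen for this audit: module loading and raw I/O (routes to the kernel),
# clock changes, and CAP_SYSLOG (dmesg access when kernel.dmesg_restrict=1 on the host).
REQUIRED_CAP_DROPS = {"sys_module", "sys_rawio", "sys_time", "syslog"}
MEMORY_KEYS = ("lxc.cgroup.memory.limit_in_bytes", "lxc.cgroup2.memory.max")

def parse_lxc_config(text):
    """Return {key: [values]}; LXC allows a key to repeat (e.g. lxc.cap.drop)."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        conf.setdefault(key, []).append(value)
    return conf

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    conf = parse_lxc_config(text)
    findings = []
    if not any(k in conf for k in MEMORY_KEYS):
        findings.append("no memory limit: container can exhaust host RAM")
    dropped = {cap for v in conf.get("lxc.cap.drop", []) for cap in v.split()}
    missing = sorted(REQUIRED_CAP_DROPS - dropped)
    if missing:
        findings.append("capabilities not dropped: " + ", ".join(missing))
    for entry in conf.get("lxc.mount.entry", []):  # src dst fstype options freq pass
        fields = entry.split()
        opts = fields[3].split(",") if len(fields) > 3 else []
        if "bind" in opts and "ro" not in opts:
            findings.append("writable bind mount of host path " + fields[0])
    if "lxc.id_map" not in conf and "lxc.idmap" not in conf:
        findings.append("no lxc.id_map: container root is host root (no user namespace)")
    return findings
```

Passing these checks shrinks what a container process can reach, but it does not change the answer's main point: every container still shares one kernel, so a kernel bug remains a shared risk.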