Linux Containers provide lightweight virtualization that lets you isolate processes and resources without the need to provide instruction interpretation mechanisms and other complexities of full virtualization. In this step-by-step tour of Linux container tools (LXC), the author introduces you to the Linux container tools and shows how to get up and running on them. This article will show you how Linux containers significantly lower the overhead of using true virtualization, while still providing isolation.
I’ve been waiting to hear about LXC for a while. I don’t think it is on most people’s radar yet. Having containers upstream in the kernel will be a huge advantage, and will complement consolidation, full virt, and multicore systems all nicely.
The DragonFly BSD kernel was designed from the beginning to be able to run as a process on itself with little overhead:
http://leaf.dragonflybsd.org/cgi/web-man/?command=vkernel&section=A…
I think this is the closest you can get to easy, lightweight virtualization.
Except for Solaris zones.
How long before all of the patches are accepted?
My understanding is that it will be at least two to three upstream kernel releases. Give it, say, six months.
I’m not sure it will be very useful without fine-grained resource controls (cpu/mem/swap) such as those Solaris zones have. In this state it seems to be just another security tool. But it’s not much of a security improvement if you allow users or processes in a container to exhaust, e.g., cpu resources used by all containers in the system.
How does this compare to Linux-VServer? And to Virtuozzo, by extension. They seem to be the same, the ability to run multiple userlands on a single kernel. Similar to FreeBSD jails or Solaris zones.
So, is this new method better, worse, the same, or just different from Linux-VServer?