Linux Containers is a project created to provide a distro- and vendor-neutral environment for the development of Linux container technologies. The umbrella project’s focus is on system containers, which provide environments similar to a virtual machine (VM) but without the associated overhead. Linux Containers projects involve self-contained images, complete with their own execution environments, running at the operating system level rather than as a full VM.
Linux Containers projects:
LXC: An operating system-level virtualization environment.
LXCFS: A userspace file system that overcomes shortcomings of some components by exporting files that match what a system container user would expect.
Using containers on the same hardware can allow for 6-8 times more duplicate instances of an operating system than is possible with a conventional VM. Because the containers run on Linux, cgroups (control groups) can be used for fine-grained control of resources. With customizable and dedicated CPU, memory, storage and network resources, containers allow isolated Linux environments to run in a trimmed-down OS-level VM. This control also makes it possible to limit programs that might otherwise consume all available resources. Programs for scientific computing, for example, could be constrained to a desired amount of available compute power, memory, disk I/O or network bandwidth so admins can better balance all available resources.
Linux containers used to have security issues because they couldn’t run in an unprivileged environment. However, security improvements have made it possible for them to run in limited user accounts. Since LXC 1.0, with proper configuration, security is possible even where containers are privileged.
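
The two controls described above, cgroup resource limits and unprivileged operation, both appear in an LXC container's configuration file. The following added example (not code from the Linux Containers project) audits a config for them; it assumes a cgroup v2 host, and the sample configs and the REQUIRED_LIMITS policy are constructed for illustration.

```python
# Added example: audit an LXC container config for user-namespace mapping and cgroup limits.
# Assumes a cgroup v2 host (lxc.cgroup2.* keys); REQUIRED_LIMITS is this example's own policy.
REQUIRED_LIMITS = ("lxc.cgroup2.memory.max", "lxc.cgroup2.cpu.max", "lxc.cgroup2.pids.max")

# Constructed sample configs (values are illustrative, not from a real host).
UNPRIVILEGED_CONF = """\
lxc.uts.name = sci-job
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
lxc.cgroup2.memory.max = 2G
lxc.cgroup2.cpu.max = 200000 100000
lxc.cgroup2.pids.max = 512
"""
PRIVILEGED_CONF = """\
lxc.uts.name = legacy
# no lxc.idmap lines: container root is host root
lxc.cgroup2.memory.max = 2G
"""

def parse_config(text):
    """Return (key, value) pairs; keys such as lxc.idmap may repeat."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            entries.append((key.strip(), value.strip()))
    return entries

def root_is_remapped(entries, kind):
    """True if container ID 0 of this kind ('u' or 'g') maps to a non-zero host ID."""
    for key, value in entries:
        fields = value.split()
        if key == "lxc.idmap" and len(fields) == 4 and fields[0] in (kind, "b"):
            start, host, count = (int(f) for f in fields[1:])
            if start <= 0 < start + count:
                return host - start != 0
    return False

def audit(text):
    """Return a list of findings; an empty list means both controls are present."""
    entries = parse_config(text)
    keys = {key for key, _ in entries}
    findings = []
    if not (root_is_remapped(entries, "u") and root_is_remapped(entries, "g")):
        findings.append("privileged: container root is not mapped to an unprivileged host ID")
    findings += [f"no limit set: {k}" for k in REQUIRED_LIMITS if k not in keys]
    return findings

if __name__ == "__main__":
    for name, conf in (("unprivileged", UNPRIVILEGED_CONF), ("privileged", PRIVILEGED_CONF)):
        print(name, audit(conf) or "ok")
```

A config that maps container root to host ID 0, or maps only user IDs and not group IDs, is reported as privileged.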