LXC

From Wikipedia, the free encyclopedia

Basic data

Maintainers: Daniel Lezcano, Serge Hallyn, Stéphane Graber
Developers (kernel): Parallels, IBM, Google LLC, Eric Biederman and others
Developers (user space): Daniel Lezcano, Serge Hallyn, Stéphane Graber and others
First published: August 6, 2008
Current version: 4.0.4 (August 4, 2020)
Operating system: Linux
Programming languages: C, Python 3, Shell, Lua
Category: Virtualization software
License: GNU LGPL v2.1 (some parts under GNU GPL v2 or 2-clause BSD)
Website: linuxcontainers.org

LXC (Linux Containers) is a method for virtualization at the operating system level that allows several Linux systems to run in isolation from one another on a single host.

Functionality

In contrast to other systems, LXC does not implement its virtualization using virtual machines. Instead, LXC creates a virtual environment that has its own processes but shares the host system's kernel.

LXC consists of a program library, various APIs for Python, Lua and Go, container templates and tools for controlling the containers. In addition to kernel namespaces, the latter use other features of the Linux kernel, such as SELinux and cgroups.

While the kernel namespaces isolate the processes from others (processes outside the namespaces are not visible), the cgroups take care of resource management. This can be used, for example, to limit the memory size, limit the data throughput in the network or on hard drives, or determine the number of available CPUs.

LXC provides an extended chroot environment and can therefore be compared with FreeBSD jails and Linux VServer.

Security

As of kernel version 3.12, kernel namespaces can be used for ipc, uts, mount, pid, network and user. From LXC version 1.0 onwards, it is possible to start a container under a UID other than that of root. This solves many security problems; in particular, the host system can no longer be changed from the container, for example by writing to the file /proc/sysrq-trigger.
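
The following added example (not part of the original article or of the LXC project's code) shows how to check whether root inside a container is also root on the host by interpreting a user-namespace ID map in the format of /proc/<pid>/uid_map. The two sample maps and the 100000/65536 range are constructed values, and the map is assumed to be read from the host's initial namespace.

```python
"""Added example: interpret a user-namespace ID map (format of /proc/<pid>/uid_map)."""
from typing import List, NamedTuple, Optional


class IdRange(NamedTuple):
    inside: int   # first ID as seen inside the container's user namespace
    outside: int  # first ID as seen from the namespace reading the file (assumed: host)
    length: int   # number of consecutive IDs covered by this range


def parse_id_map(text: str) -> List[IdRange]:
    """Parse uid_map/gid_map content: one 'inside outside length' triple per line."""
    ranges = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed id map line: {line!r}")
        ranges.append(IdRange(*(int(f) for f in fields)))
    return ranges


def to_host_id(ranges: List[IdRange], container_id: int) -> Optional[int]:
    """Translate an ID inside the container to the host ID, or None if unmapped."""
    for r in ranges:
        if r.inside <= container_id < r.inside + r.length:
            return r.outside + (container_id - r.inside)
    return None


def root_is_host_root(ranges: List[IdRange]) -> bool:
    """True if UID 0 in the container is UID 0 on the host (privileged container)."""
    return to_host_id(ranges, 0) == 0


# Constructed sample maps, not taken from a real system.
PRIVILEGED_MAP = "         0          0 4294967295\n"    # identity map: no user namespace
UNPRIVILEGED_MAP = "         0     100000      65536\n"  # container root -> host UID 100000

if __name__ == "__main__":
    for name, text in (("privileged", PRIVILEGED_MAP), ("unprivileged", UNPRIVILEGED_MAP)):
        ranges = parse_id_map(text)
        verdict = "host root" if root_is_host_root(ranges) else "unprivileged on host"
        print(f"{name}: container UID 0 -> host UID {to_host_id(ranges, 0)} ({verdict})")
```

With the unprivileged map, a process running as UID 0 in the container acts on the host as UID 100000, so root-only host files such as /proc/sysrq-trigger are not writable by it.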
