4 Introduction to Linux Containers
Linux containers are a lightweight virtualization method to run multiple virtual units (“containers”) simultaneously on a single host. This is similar to the chroot environment. Containers are isolated with kernel Control Groups (cgroups) and kernel Namespaces.
Containers provide virtualization at the operating system level where the kernel controls the isolated containers. This is unlike full virtualization solutions like Xen or KVM where the processor simulates a complete hardware environment and controls virtual machines.
Conceptually, containers can be seen as an improved chroot technique. The difference is that a chroot environment separates only the file system, whereas containers go further and provide resource management and control via cgroups.
Containers offer the following advantages:
- Isolating applications and operating systems through containers.
- Providing nearly native performance, as the container manages the allocation of resources in real time.
- Controlling network interfaces and applying resource limits inside containers through cgroups.
Containers have the following limitations:
- All containers run inside the host system's kernel, not with a kernel of their own.
- Only Linux “guest” operating systems are supported.
- Security depends on the host system. A container is not secure by itself. If you need a secure system, you can confine it using an AppArmor or SELinux profile.
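The difference between a chroot and a container described above (file-system separation only versus kernel namespaces plus cgroups) is visible from the host: every process exposes its namespace membership under /proc/<pid>/ns/ and its cgroup placement in /proc/<pid>/cgroup. The following audit script is an added example, not part of this guide or of any container tool; it assumes the standard Linux /proc layout and uses constructed sample data (the namespace inode numbers and the cgroup path are made up) so that the comparison logic runs offline. The live `isolation_report()` helper is only meaningful on a Linux host with permission to read another process's /proc entries.

```python
"""Audit which kernel isolation a process actually has, by comparing its
namespaces and cgroup placement with those of PID 1 (the host's init).

/proc/<pid>/ns/<name> is a symlink whose target looks like "pid:[4026531836]";
two processes share a namespace if and only if their links for that name carry
the same inode number. /proc/<pid>/cgroup holds "hierarchy:controllers:path"
lines (cgroup v2 uses the single line "0::/path").
"""
import os
import re
from typing import Dict, List, Set

# Namespace types a current Linux kernel exposes under /proc/<pid>/ns/.
NAMESPACE_TYPES = ("cgroup", "ipc", "mnt", "net", "pid", "user", "uts")

_NS_LINK = re.compile(r"^(?P<kind>[a-z_]+):\[(?P<inode>\d+)\]$")


def parse_ns_link(target: str) -> int:
    """Extract the inode number from a link target such as 'mnt:[4026531840]'."""
    m = _NS_LINK.match(target.strip())
    if not m:
        raise ValueError(f"not a namespace link target: {target!r}")
    return int(m.group("inode"))


def namespaces_differing(proc_ns: Dict[str, str], host_ns: Dict[str, str]) -> Set[str]:
    """Namespace types in which the process is NOT in the same namespace as the reference.

    Both arguments map a namespace name to its link target. An empty result means
    the process shares every namespace with the reference process, i.e. it has no
    namespace isolation at all; a plain chroot looks exactly like this."""
    return {
        kind for kind in NAMESPACE_TYPES
        if kind in proc_ns and kind in host_ns
        and parse_ns_link(proc_ns[kind]) != parse_ns_link(host_ns[kind])
    }


def parse_cgroup_file(text: str) -> List[Dict[str, str]]:
    """Parse the contents of /proc/<pid>/cgroup into a list of entries."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        hierarchy, controllers, path = line.split(":", 2)
        entries.append({"hierarchy": hierarchy, "controllers": controllers, "path": path})
    return entries


def in_non_root_cgroup(text: str) -> bool:
    """True if any entry places the process outside the root cgroup, i.e. resource
    limits can apply to it."""
    return any(entry["path"] != "/" for entry in parse_cgroup_file(text))


def read_ns_links(pid: int) -> Dict[str, str]:
    """Read the live namespace link targets for `pid` (Linux only, needs permission)."""
    ns_dir = f"/proc/{pid}/ns"
    return {
        kind: os.readlink(os.path.join(ns_dir, kind))
        for kind in NAMESPACE_TYPES
        if os.path.lexists(os.path.join(ns_dir, kind))
    }


def isolation_report(pid: int) -> Dict[str, object]:
    """Live audit: which namespaces separate `pid` from PID 1, and is it cgroup-limited?"""
    with open(f"/proc/{pid}/cgroup") as fh:
        cgroup_text = fh.read()
    return {
        "namespaces": sorted(namespaces_differing(read_ns_links(pid), read_ns_links(1))),
        "cgroup_limited": in_non_root_cgroup(cgroup_text),
    }


# Constructed sample data (not captured from a real host). The "container" sits in
# its own mnt, pid, net, ipc and uts namespaces but still shares the user namespace;
# the "chroot" only changed its root directory, so all its namespaces match PID 1.
HOST_NS = {k: f"{k}:[{4026531830 + i}]" for i, k in enumerate(NAMESPACE_TYPES)}
CONTAINER_NS = dict(HOST_NS)
for _kind in ("mnt", "pid", "net", "ipc", "uts"):
    CONTAINER_NS[_kind] = f"{_kind}:[{4026532400 + NAMESPACE_TYPES.index(_kind)}]"
CHROOT_NS = dict(HOST_NS)

CONTAINER_CGROUP = "0::/machine.slice/container-example.scope\n"  # constructed, cgroup v2
HOST_CGROUP = "0::/\n"

if __name__ == "__main__":
    print("container differs in:", sorted(namespaces_differing(CONTAINER_NS, HOST_NS)))
    print("chroot differs in:   ", sorted(namespaces_differing(CHROOT_NS, HOST_NS)))
    print("container cgroup-limited:", in_non_root_cgroup(CONTAINER_CGROUP))
    print("host cgroup-limited:     ", in_non_root_cgroup(HOST_CGROUP))
```

Run as a script, the sample data shows the container differing from PID 1 in ipc, mnt, net, pid and uts while the chroot differs in none; the shared user namespace in the sample is the kind of gap that makes the guide's "security depends on the host system" point concrete, since a process in the host's user namespace keeps the host's UID view and is separated from it only by the kernel it shares.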