Getting started with Unprivileged Linux Containers in Ubuntu 14.04

People familiar with Solaris 10 or AIX 7 and later will know that it is possible run additional sub-instances of the operating system, called Zones and WPARs, respectively. The idea is to have a single kernel managing the process table and I/O in such a way that certain elements are tagged and sectioned off, similar to a chroot jail. The difference is that a Solaris Zone or WPAR appears to operate as a completely separate OS instance that can be restricted by resource controls applied in the "global" OS.

Enter Linux Containers (aka LXC). Developers of the OpenVZ project have contributed much of their work to the upstream Linux kernel and with Ubuntu 14.04 (LTS) Trusty Tahr, Linux Containers 1.0 has been made available to a mainstream Linux server distribution.

Subscribe to RSS - security