Difference between revisions of "Container"
(Created page with "Category:LinuxLV Category:Virtualization and Containers == Motivation == Container provide a light-weighted virtualization where the kernel of your system is used b...") |
(→Why Container?) |
||
| Line 12: | Line 12: | ||
Today, Linux has a generalized framework for limiting what processes can see with the "'''cgroups'''" which is used for container-type virtualization. |
Today, Linux has a generalized framework for limiting what processes can see with the "'''cgroups'''" which is used for container-type virtualization. |
||
| + | |||
| + | What was driving this was not so much security or the desire to run |
||
Revision as of 20:06, 31 October 2020
Motivation
Container provide a light-weighted virtualization where the kernel of your system is used but the processes that have a different view onto the system. Here you will learn the basic terminology of the container world and some examples.
Why Container?
In the beginning was the chroot command that allows a process to see only a part of the file-system but it was never meant as a secure confinement. FreeBSD developed something out of this with the name "jail" where you could really limit a process. Jails where limited to be only able to interact with processes inside its jail and also restricted with certain operations.
When Linux become popular hosting-providers wanted to offer cheap "root-servers" to customers without the overhead of full virtualization. This lead to the creation of "linux-VServers" but this was not part of the mainline kernel.
Today, Linux has a generalized framework for limiting what processes can see with the "cgroups" which is used for container-type virtualization.
What was driving this was not so much security or the desire to run
