Applies to openSUSE Leap 42.1

4 Introduction to Linux Containers

Linux containers are a lightweight virtualization method to run multiple virtual units (containers) simultaneously on a single host. This is similar to the chroot environment. Containers are isolated with kernel Control Groups (cgroups) and kernel Namespaces.

Containers provide virtualization at the operating system level where the kernel controls the isolated containers. This is unlike full virtualization solutions like Xen or KVM where the processor simulates a complete hardware environment and controls virtual machines.

4.1 Overview

Conceptually, containers can be seen as an improved chroot technique. The difference is that a chroot environment separates only the file system, whereas containers go further and provide resource management and control via cgroups.
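The difference between a chroot and a container can be observed from the host through /proc: a chrooted process still shares every kernel namespace with the host, while a containerized process has its own namespace identifiers and a cgroup path. The following is an added example, not part of the openSUSE documentation; the function names, namespace inode values, and cgroup paths are constructed for illustration.

```python
import os

NS_TYPES = ("mnt", "pid", "net", "ipc", "uts", "user")

def read_namespaces(pid="self"):
    """Return {type: 'type:[inode]'} from /proc/<pid>/ns; empty if unreadable."""
    found = {}
    for ns in NS_TYPES:
        try:
            found[ns] = os.readlink(f"/proc/{pid}/ns/{ns}")
        except OSError:
            continue  # no /proc, older kernel, or insufficient permission
    return found

def parse_cgroup(text):
    """Parse /proc/<pid>/cgroup lines ('id:controllers:path') into a dict."""
    groups = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) == 3:
            # cgroup v2 entries have an empty controller field
            groups[parts[1] or "unified"] = parts[2]
    return groups

def isolation(host_ns, proc_ns, proc_root="/"):
    """Classify a process relative to the host's namespaces."""
    separate = sorted(ns for ns in host_ns
                      if ns in proc_ns and proc_ns[ns] != host_ns[ns])
    if separate:
        return "namespaced", separate
    if proc_root != "/":
        return "chroot-only", []  # file system view differs, nothing else
    return "host", []

# Constructed sample values (not captured from a real system).
HOST = {"mnt": "mnt:[4026531840]", "pid": "pid:[4026531836]",
        "net": "net:[4026531957]", "uts": "uts:[4026531838]"}
CONTAINER = {"mnt": "mnt:[4026532201]", "pid": "pid:[4026532204]",
             "net": "net:[4026532207]", "uts": "uts:[4026532202]"}
CONTAINER_CGROUP = "4:memory:/containers/web01\n3:cpu,cpuacct:/containers/web01\n"

if __name__ == "__main__":
    # A chrooted process shares all namespaces with the host.
    print(isolation(HOST, dict(HOST), proc_root="/srv/jail"))
    print(isolation(HOST, CONTAINER))
    print(parse_cgroup(CONTAINER_CGROUP))
    me = read_namespaces()
    print(isolation(me, me))  # a process compared with itself
```

On a live system, pass the PID of the host's init process and the PID of the process under inspection to read_namespaces; reading another user's /proc entries usually requires root.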

Benefits of Containers
  • Isolating applications and operating systems through containers.

  • Providing nearly native performance, as the container manages allocation of resources in real time.

  • Controlling network interfaces and applying resources inside containers through cgroups.

Limitations of Containers
  • All containers run inside the host system's kernel and not with a different kernel.

  • Only Linux guest operating systems are allowed.

  • Security depends on the host system. Containers are not secure. If you need a secure system, you can confine the container using an AppArmor or SELinux profile.
