
What are Linux containers and how did they come about? - WestCoastJustin
http://bitmason.blogspot.ca/2013/09/what-are-containers-anyway.html
======
derefr
In practice, containers are process groups with access restrictions.

In _theory_, though, containers are simply an optimization of virtual
machines, and are best understood that way. If you can use virtual machines to
solve a problem--and your virtual machines are all generally based on a recent
Linux--then you can achieve the same thing, using far fewer resources, by
using containers.

~~~
MrBuddyCasino
I think we've used something similar some time ago (maybe XEN?) and had the
following issues; how does Docker compare?

- what happens when one container changes the system clock?
- are iptables rules per container or global?

~~~
ambiate
As far as I understand, the clock and such are tied to the base host. Typing
'uptime' in my linux container shows 5 days, the uptime of the base host.

~~~
justincormack
In theory things like the clock could be namespaced too, if anyone found it
useful.

~~~
MrBuddyCasino
That would be useful - sometimes you have to change the system time to debug
some code, and if that trips up all the other containers, it's a deal breaker
for us.

------
gaius
_the concept--and products based on that concept--has been around for almost a
decade_

Closer to 6 decades, this is old hat for IBM mainframes.

For me the question is tho', why virtualize? And the answer I keep coming back
to is that a) it is too hard to retrofit good manageability onto processes as
the basic unit of applications and b) people are used to it, the idea of
having 1 machine per app, when really it isn't cost effective to do that.

~~~
ambiate
Segregate applications. If app one gets compromised, app two is off in another
land. If my linode box gets hacked, without containers, all 16 websites will
be compromised/go down.

Desktop virtualization using the NX protocol and Linux containers is also
really friendly. Our company uses old Pentium D boxes for desktops. The
performance gain from using a thin client + lxc + lubuntu is insane! I can
actually watch youtube videos and draw in OpenOffice Writer. (Also great for
disaster recovery scenarios).

~~~
gaius
But processes - theoretically - are segregated. Own address space, running as
different users, bound to a processor set, etc. The use of hypervisors is
because processes in practice don't really do what they say on the tin, so you
need to force another layer of protection and manageability in, and just eat
the overhead.

~~~
ambiate
I suppose I was thinking from the 'lazy throw up apache, mysql and wordpress'
mindset. If example.com is in its own container with its own mysql database, I
do not have to worry about www.test.com getting exploited and example.com's
mysql data getting leaked into the wild. I'm also from the days when buffer
overflows were on every daemon. Unauthorized remote shell access was always a
threat back in those days.

------
gtrubetskoy
This article curiously fails to mention Linux VServer
[http://linux-vserver.org/](http://linux-vserver.org/) which has done this since 2003 and
unlike Virtuozzo has always been completely open source. We've used it with
great success in a hosting product.

~~~
ghaff
I probably should have mentioned it. Virtuozzo was much higher profile at the
time I was closely following various workload separation technologies--in part
because it was making a serious attempt to position itself as an alternative
to VMware in the enterprise space. (Something it ultimately failed to do
although it continued to enjoy considerable success in hosting.) The fact is
that there have been lots of different isolation approaches, including OS
virtualization, and Virtuozzo's implementation of OS virtualization--while
hardly unique--was the best known along with Solaris Containers.

------
octix
Can anyone please give a simple example or link of a use case of containers
need?

I use KVM/Qemu VMs at home and work (dev box), I have a dozen always running
VMs. However, I started to read more and more about LXC containers, and still
cannot grasp their importance... for example, I manage a few VPSs too, each
has its own purpose (web server, database), how could LXC help me?

Thank you in advance.

~~~
ghaff
Basically every Platform-as-a-Service uses containers. They're much more
efficient than VMs (resources, spin-up/down times) and the underlying
infrastructure is standardized anyway. They may very well not be relevant
to a couple of home systems. We're talking about large-scale infrastructures.

~~~
octix
Yes, fast spin-up/down are an advantage.

Thanks.

------
slig
This is the current text:

> to change the text of this page send 0.1 btc to
> 16JMNc3B5vCkuuPxNcNj388gmhP8UDKBuW

Well done, it didn't take more than 1 hour for someone to find a loophole.

~~~
gaius
Isn't that $100? The mind boggles.

