Then I guess something happened in the last year or so and all of a sudden it became very popular. dotCloud certainly has a lot to do with it. Was it better libvirt integration, too, perhaps: http://libvirt.org/drvlxc.html
Now of course it cannot completely replace KVM because it is more of a container than full virtualization. So running Windows VMs on it will not work. For Linux one could probably have a farm of hosts based on various distros (with LXC enabled) and that would provide the ability to run various Linux OS guests, by picking the hosts that match.
pkgsrc (http://www.pkgsrc.org) does a good job at making sure most packages you'd need are available.
I've grown more and more frustrated with the direction of Linux distributions over the past couple of years that I'm mostly avoiding new installations. I've been using OpenSolaris derived distributions for a while for ZFS, but I've come to the realization that SmartOS covers the majority of my general computing needs as well. Anything I write and deploy goes on SmartOS.
For tools that won't work on SmartOS for a technical reason, I'm using FreeBSD more. My firewalls have been OpenBSD for quite some time.
PS: I don't mean any disrespect towards OpenCSW, the packages that were there saved me a ton of trouble earlier this year. Packaging is tough.
When I was using it, KVM had some small memory and CPU overhead, but it's a fair point.
> ...so hardware compatibility is less of a concern.
That's definitely a problem. I'd very much like for SmartOS to branch out from just Intel, but they seem to be keeping development centered around the hardware they use for Joyent Cloud.
That's with a Linux hypervisor though, so I wonder if SmartOS has any more impact on performance.
LXC has gotten me very excited about testing new Linux services on a home box again. I always worry about exposing a server to the internet with any new services. The idea that a compromise on the box could leak everything that's on the box usually leads me to avoid exploring new services.
LXCs seem to give me hope that I could experience a compromise, but not lose everything.
- Without CONFIG_USER_NS and a newer kernel a lot of problematic things can happen. If /proc or /sysfs is mounted on the container DoS or escalation to root is possible: http://blog.bofh.it/debian/id_413
- At the moment no stock distro kernel has CONFIG_USER_NS enabled.
- There are some issues related to remounting filesystems rw and altering files
- Mounting cgroups in the container can also lead to problems - DoS and acquiring more resources
- Capabilities. Your stock Linux distribution won't boot without CAP_SYS_ADMIN (see man 7 capabilities) - there are a lot of other capabilities that could be troublesome.
- Not sure about this one: http://seclists.org/oss-sec/2011/q3/385
So for running services without CAP_SYS_ADMIN and with dropping a lot of other capabilities it can be considered somewhat safe. For everything else it's probably dangerous.
Not sure if all these issues are still a problem today but if you are running lxc on e.g. a current Debian Wheezy you have to know about all of them.
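The checklist in the comment above can be turned into a small audit. This is an added example, not part of the thread: it reads a kernel config and a container config and flags the conditions the comment lists, assuming the container uses the `lxc.cap.drop` and `lxc.mount.entry` keys; the sample inputs and the finding labels are constructed for illustration.

```python
import re

# Constructed sample inputs (not taken from the thread or from a real host).
SAMPLE_KERNEL_CONFIG = """\
CONFIG_NAMESPACES=y
CONFIG_PID_NS=y
# CONFIG_USER_NS is not set
"""

SAMPLE_LXC_CONFIG = """\
lxc.utsname = web1
lxc.cap.drop = sys_module mac_admin sys_time
lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
lxc.mount.entry = sysfs sys sysfs ro 0 0
lxc.mount.entry = cgroup sys/fs/cgroup cgroup defaults 0 0
"""


def kernel_has_user_ns(kernel_config):
    """True only if the kernel was built with CONFIG_USER_NS=y."""
    return re.search(r"^CONFIG_USER_NS=y$", kernel_config, re.M) is not None


def audit_lxc_config(lxc_config, kernel_config):
    """Return finding labels (hypothetical names) for the risks listed above."""
    dropped, mounts = set(), []
    for raw in lxc_config.splitlines():
        line = raw.split("#", 1)[0].strip()  # ignore comments and blank lines
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "lxc.cap.drop":
            dropped.update(value.lower().split())
        elif key == "lxc.mount.entry":
            fields = value.split()  # fstab layout: src, target, fstype, options
            if len(fields) >= 4:
                mounts.append((fields[2], fields[3].split(",")))
    findings = []
    if not kernel_has_user_ns(kernel_config):
        findings.append("no-user-ns")  # container root is host root
    if "sys_admin" not in dropped:
        findings.append("cap-sys-admin-kept")
    for fstype, options in mounts:
        if fstype in ("proc", "sysfs") and "ro" not in options:
            findings.append(fstype + "-writable")
        if fstype == "cgroup":
            findings.append("cgroup-mounted")
    return findings


if __name__ == "__main__":
    print(audit_lxc_config(SAMPLE_LXC_CONFIG, SAMPLE_KERNEL_CONFIG))
```

On a real host the kernel config is usually readable at `/boot/config-$(uname -r)`; an empty result only means none of these specific conditions were found.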
Apparently the reason is that it's not compatible with XFS filesystem until 3.12, and even though nobody uses the XFS filesystem, backwards compatibility takes precedence over new features.
This is changed in 3.12, but it looks like the patch just missed the boat for Ubuntu Saucy.
By "nobody uses," I mean "I don't use it"
I see the convenience argument, which is why people like docker, but basically adding a whole OS overhead to every process you want to run is basically insane in my view.
There is a growing trend of people building micro-containers with just the bare minimum for their application. Docker is facilitating that trend, not preventing it. If only because it explicitly encourages thinking of containers as application-oriented, not machine-oriented.
I'm still learning about LXC so my post regarding security may be inaccurate. I just thought I'd share it because a lot of people think it's as secure as a virtual machine. I hope soon it is.
"I don't know much about LXC, and I don't know what the defaults are, but I assume that this trivial wrapper around LXC provides more security".
It was just a well-intended warning - similar to the warnings in the Ubuntu docs: https://help.ubuntu.com/12.04/serverguide/lxc.html#lxc-secur... and Gentoo: https://wiki.gentoo.org/wiki/LXC#MAJOR_Temporary_Problems_wi...
Here is the default configuration for Ubuntu 13.10 in comparison: https://gist.github.com/anonymous/7550932
[Source: @solomonstre, in person at a Docker meetup a few weeks ago]
Our sysadmin left after he deployed LXC "goodness" to make things "better" and we are still in a recovery mode from this.
I'm sure they'd argue for days how that's not true (plus some of the LXC folks actually implemented the namespacing) - but at the end of the day I make my "jail" with the "unshare" command and mount, much simpler..
Looked promising, but I never had success getting it going despite the promises on the webpage.
And it looks like little activity and still quite a low profile after all these years.