{{Short description|Operating system virtualization paradigm}}
{{More citations needed|date=November 2020}}
'''OS-level virtualization''' is an [[operating system]] (OS) [[virtualization]] paradigm in which the [[Kernel (operating system)|kernel]] allows the existence of multiple isolated [[user space and kernel space|user space]] instances,
On [[Unix-like]] operating systems, this feature can be seen as an advanced implementation of the standard [[chroot]] mechanism, which changes the apparent root folder for the current running process and its children. In addition to isolation mechanisms, the kernel often provides [[Resource management (computing)|resource-management]] features to limit the impact of one container's activities on other containers. Linux containers are all based on the virtualization, isolation, and resource management mechanisms provided by the [[Linux kernel]], notably [[Linux namespaces]] and [[cgroups]].<ref>{{cite web|url=http://www.netdevconf.org/1.1/proceedings/slides/rosen-namespaces-cgroups-lxc.pdf|title=Namespaces and Cgroups, the basis of Linux Containers|first=Rosen|last=Rami|access-date=18 August 2016}}</ref>
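The namespace and cgroup mechanisms named above are what a defender inspects to confirm that a Linux "container" is actually isolated. The following script is an added example (not part of the article, and not code from any project it lists): it reads the namespace inode links under <code>/proc/&lt;pid&gt;/ns</code>, compares them against a reference process to find which namespace kinds are still shared (for example a container started with host networking still shares the <code>net</code> namespace), and parses the <code>/proc/&lt;pid&gt;/cgroup</code> membership file in both its cgroup v1 and v2 layouts. The inode numbers and cgroup paths in the comments and in the usage notes below are constructed values for illustration.

```python
# Added example (not from the Wikipedia article): inspect the Linux namespace and
# cgroup membership that OS-level virtualization on Linux is built on, via /proc.
from __future__ import annotations

import os
import re

# Namespace kinds exposed under /proc/<pid>/ns on current kernels.
NS_KINDS = ("cgroup", "ipc", "mnt", "net", "pid", "user", "uts")


def parse_ns_link(target: str) -> tuple[str, int]:
    """Parse a /proc/<pid>/ns/<kind> symlink target such as 'mnt:[4026531840]'.

    The inode number identifies the namespace: two processes whose links carry
    the same inode for a kind are in the same namespace of that kind.
    """
    m = re.fullmatch(r"([a-z_]+):\[(\d+)\]", target)
    if m is None:
        raise ValueError(f"unexpected namespace link target: {target!r}")
    return m.group(1), int(m.group(2))


def read_namespaces(pid="self") -> dict[str, int]:
    """Return {kind: inode} for every readable namespace of a process (Linux only)."""
    namespaces: dict[str, int] = {}
    for kind in NS_KINDS:
        try:
            link = os.readlink(f"/proc/{pid}/ns/{kind}")
        except OSError:  # kind unsupported by this kernel, or no permission
            continue
        namespaces[kind] = parse_ns_link(link)[1]
    return namespaces


def unisolated_namespaces(proc: dict[str, int], reference: dict[str, int]) -> set[str]:
    """Namespace kinds in which `proc` is NOT isolated from `reference`.

    Against PID 1 of the host, a fully isolated container yields an empty set;
    a container run with host networking would still report {'net'}.
    """
    return {kind for kind, inode in proc.items() if reference.get(kind) == inode}


def parse_cgroup_file(text: str) -> dict[str, str]:
    """Parse /proc/<pid>/cgroup into {controller: path}.

    Each line is 'hierarchy-id:controller-list:path'. cgroup v2 has a single
    unified hierarchy with an empty controller list ('0::/some/path'), recorded
    here under the key 'unified'; cgroup v1 has one line per controller group,
    e.g. '4:memory:/docker/<container-id>' (constructed illustration).
    """
    result: dict[str, str] = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        hier_id, controllers, path = line.split(":", 2)
        if hier_id == "0" and controllers == "":
            result["unified"] = path
        else:
            for controller in controllers.split(","):
                result[controller] = path
    return result


def parse_cgroup_limit(value: str) -> int | None:
    """Interpret a cgroup limit file such as memory.max; 'max' means no limit."""
    value = value.strip()
    if value == "max":
        return None
    return int(value)


if __name__ == "__main__":
    # Compare this process with PID 1 as seen from inside its own pid namespace.
    mine, init = read_namespaces("self"), read_namespaces(1)
    shared = sorted(unisolated_namespaces(mine, init))
    print("namespaces shared with PID 1:", shared or "none")
    with open("/proc/self/cgroup") as f:
        print("cgroup membership:", parse_cgroup_file(f.read()))
```

Run it once on the host and once inside a container: on the host every kind is shared with PID 1, while inside a container the set should be empty, and the cgroup path should point at the container's own cgroup (for example a <code>docker-&lt;id&gt;.scope</code> entry under cgroup v2). Any kind that is unexpectedly shared is the place where the container's isolation is weaker than assumed.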
== Operation ==
=== Flexibility ===
Operating-system-level virtualization is not as flexible as other virtualization approaches since it cannot host a guest operating system different from the host one, or a different guest kernel. For example, with [[Linux]], different distributions are fine, but other operating systems such as Windows cannot be hosted. Operating systems using variable input systematics are subject to limitations within the virtualized architecture. Adaptation methods including cloud-server relay analytics maintain the OS-level virtual environment within these applications.<ref>{{Cite book |last1=Huang |first1=D. |title=Proceedings of the 10th Parallel Data Storage Workshop |chapter=Experiences in using os-level virtualization for block I/O |year=2015|pages=13–18 |url=https://www.pdsw.org/pdsw15/papers/p13-huang.pdf |doi=10.1145/2834976.2834982 |isbn=9781450340083 |s2cid=3867190 }}</ref>
[[Oracle Solaris|Solaris]] partially overcomes the limitation described above with its [[branded zones]] feature, which provides the ability to run an environment within a container that emulates an older [[Solaris 8]] or 9 version in a Solaris 10 host. Linux branded zones (referred to as "lx" branded zones) are also available on [[x86]]-based Solaris systems, providing a complete Linux [[user space and kernel space|user space]] and support for the execution of Linux applications; additionally, Solaris provides utilities needed to install [[Red Hat Enterprise Linux]] 3.x or [[CentOS]] 3.x [[Linux distribution]]s inside "lx" zones.<ref>{{Cite web |url=http://docs.oracle.com/cd/E19044-01/sol.containers/817-1592/zones.intro-1/index.html |title=System administration guide: Oracle Solaris containers-resource management and Oracle Solaris zones, Chapter 16: Introduction to Solaris zones |year=2010 |access-date=2014-09-02 |publisher=[[Oracle Corporation]] }}</ref><ref>{{Cite web |url=http://docs.oracle.com/cd/E19044-01/sol.containers/817-1592/gchhy/index.html |title=System administration guide: Oracle Solaris containers-resource
=== Storage ===
|-
|[[Docker (software)|Docker]]
|[[Linux]],<ref>{{Cite web |url=http://www.infoq.com/news/2014/03/docker_0_9|title=Docker drops LXC as default execution environment |work=InfoQ
|{{open source|[[Apache License|Apache
| 2013
| {{Yes}}
| {{Yes}}
| {{Partial}}{{Efn|name="docker-disk-quotas"|For btrfs, overlay2, windowsfilter, and zfs storage drivers.
<ref>{{Cite web |url=https://docs.docker.com/reference/cli/docker/container/run/#storage-opt|title=docker container run - Set storage driver options per container (--storage-opt)|website=docs.docker.com|date=22 February 2024 }}</ref>}}
| {{Yes}} {{Nowrap|(since 1.10)}}
| {{Yes}}
| {{Yes}}
| {{Partial}}{{Efn|name="vserver-net"|Networking is based on isolation, not virtualization.}}
| {{
| {{No}}
| {{Partial|Partial{{Efn|name="linux-vserver-paper"|A total of 14 user capabilities are considered safe within a container. The rest cannot be granted to processes within that container without allowing those processes to potentially interfere with things outside that container.<ref>{{Cite web |url=http://linux-vserver.org/Paper#Secure_Capabilities|title=Paper - Linux-VServer| website=linux-vserver.org }}</ref>}}}}
| [[lmctfy]]
| [[Linux]]
| {{open source|[[Apache License|Apache
| 2013{{Ndash}}2015
| {{Yes}}
| {{Yes}}
| {{Partial}}{{Efn|name="vserver-net"}}
| {{
| {{No}}
| {{Partial|Partial{{Efn|name="linux-vserver-paper"}}}}
| {{Yes}} (ZFS)
| {{Yes}}
| {{Partial}}{{Efn|name="solaris-iolimit"|Yes with illumos<ref>{{Cite web |last=Pijewski |first=Bill |title=Our ZFS I/O
| {{Yes}}
| {{Yes}}
| {{Yes}}{{Efn|name="crossbow"|See [[Solaris network virtualization and resource control]] for more details.}}<ref>[http://www.opensolaris.org/os/project/crossbow/faq/ Network virtualization and resource control (Crossbow) FAQ] {{Webarchive|url=https://web.archive.org/web/20080601182802/http://www.opensolaris.org/os/project/crossbow/faq/ |date=2008-06-01 }}</ref><ref>{{Cite web |url=https://docs.oracle.com/cd/
| {{Partial}}{{Efn|name="solaris-nested"|Only when top level is a KVM zone (illumos) or a kz zone (Oracle).}}
| {{Partial}}{{Efn|name="kernelzone"|Starting in Solaris 11.3 Beta, Solaris Kernel Zones may use live migration.}}{{Efn|name="coldmig"|Cold migration (shutdown-move-restart) is implemented.}}
| {{Yes}}<ref name="rctl">{{Cite web |url=http://wiki.freebsd.org/Hierarchical_Resource_Limits |title=Hierarchical resource limits - FreeBSD Wiki |publisher=Wiki.freebsd.org |date=2012-10-27 |access-date=2014-01-15 }}</ref>
| {{Yes}}
| {{Yes}}<ref>{{Cite web|url=http://static.usenix.org/publications/library/proceedings/usenix03/tech/freenix03/full_papers/zec/zec.pdf |title=Implementing a clonable network stack in the FreeBSD kernel |publisher=usenix.org |date=2003-06-13 |first=Marko |last=Zec }}</ref>
| {{Yes}}
| {{Partial}}<ref name="freebsdvps">{{Cite web |url=http://www.7he.at/freebsd/vps/|title=VPS for FreeBSD |access-date=2016-02-20 }}</ref><ref name="freebsdvpsannounce">{{Cite web |url=https://forums.freebsd.org/threads/34284/ |title=[Announcement] VPS // OS virtualization // alpha release |date=31 August 2012 |access-date=2016-02-20 }}</ref>
| {{Yes}}<ref name=vkd.4>{{Cite web |url=http://mdoc.su/d/vkd.4 |title=vkd(4) — Virtual kernel disc |publisher=[[DragonFly BSD]] |quote="treats the disk image as copy-on-write." }}</ref>
| {{N/A}}
| {{Dunno}}
| {{Yes}}<ref name=vkernel.7>{{Cite web |author=Sascha Wildner |date=2007-01-08 |url=http://bxr.su/d/share/man/man7/vkernel.7 |title=vkernel, vcd, vkd, vke — virtual kernel architecture |work=DragonFly miscellaneous information manual |publisher=[[DragonFly BSD]]}}
*{{Cite book |section=vkernel, vcd, vkd, vke - virtual kernel architecture |title=DragonFly miscellaneous information manual |url=http://mdoc.su/d/vkernel.7 }}</ref>
| {{Yes}}{{r|vkernel.7}}
| {{Yes}}<ref name=vke.4>{{Cite web |url=http://mdoc.su/d/vke.4 |title=vkernel, vcd, vkd, vke - virtual kernel architecture |work=DragonFly On-Line Manual Pages |publisher=[[DragonFly BSD]] }}</ref>
| {{Dunno}}
| {{Dunno}}
| {{Yes}}
|-
| {{Dunno}}
|-
|
|[[Windows XP]]
|{{Proprietary|[[Freeware]]}}
| {{No}}
| {{No}}
| {{
| {{No}}
| {{Dunno}}
| {{Yes}}<ref name="systemd-nspawn manual"/><ref name="Systemd service unit files parameters"/>
| {{Yes}}
| {{
| {{
| {{Yes}}
|-
| [[Rocket (software)|rkt]] (''rocket'')
| [[Linux]]
| {{Open source|[[Apache License|Apache
| 2014<ref>{{Cite web |last1=Polvi |first1=Alex |title=CoreOS is building a container runtime, rkt |url=https://coreos.com/blog/rocket.html |archive-url=https://web.archive.org/web/20190401013449/https://coreos.com/blog/rocket.html |archive-date=2019-04-01 |website=CoreOS Blog |access-date=12 March 2019}}</ref>–2018
| {{Yes}}
| {{Yes}}
| {{Yes}}
| {{
| {{
| {{Yes}}
|}
Linux containers not listed above include:
* [[LXC#LXD|LXD]], an alternative wrapper around [[LXC]] developed by [[Canonical (company)|Canonical]]<ref>{{Cite web |access-date=2021-02-11 |title=LXD |url=https://linuxcontainers.org/lxd/ |website=linuxcontainers.org }}</ref>
* [[Podman]],<ref>[https://indico.cern.ch/event/757415/contributions/3421994/attachments/1855302/3047064/Podman_Rootless_Containers.pdf Rootless containers with Podman and fuse-overlayfs], CERN workshop, 2019-06-04</ref> a Kubernetes-ready, rootless, secure drop-in replacement for Docker, with support for multiple container image formats including OCI and Docker images
* [[Charliecloud]], a set of container tools used on HPC systems<ref>{{Cite web |url=https://
* [[Kata Containers]] MicroVM Platform<ref>{{Cite web |url=https://katacontainers.io/ |title=Home |website=katacontainers.io}}</ref>
* Bottlerocket is a Linux-based open-source operating system that is purpose-built by [[Amazon Web Services]] for running containers on virtual machines or bare metal hosts<ref>{{Cite web |url=https://aws.amazon.com/bottlerocket/ |title=Bottlerocket
* [[
== See also ==
* [https://www.kernelthread.com/publications/virtualization/ An introduction to virtualization] {{Webarchive|url=https://web.archive.org/web/20191128152118/http://www.kernelthread.com/publications/virtualization |date=2019-11-28 }}
* [https://wiki.openvz.org/Introduction_to_virtualization A short intro to three different virtualization techniques]
* [https://thijs.ai/papers/scheepers-virtualization-containerization.pdf Virtualization and containerization of application infrastructure: A comparison] {{Webarchive|url=https://web.archive.org/web/20230315103310/https://thijs.ai/papers/scheepers-virtualization-containerization.pdf |date=2023-03-15 }}, June 22, 2015, by Mathijs Jeroen Scheepers
* [https://lwn.net/Articles/646054/ Containers and persistent data], [[LWN.net]], May 28, 2015, by Josh Berkus
{{DEFAULTSORT:Operating-system-level virtualization}}
[[Category:Operating system security]]
[[Category:Virtualization]]
[[Category:Linux]]