OS-level virtualization: Difference between revisions

m Cited an AWS blog that talks in depth about the security use case with EBS
No edit summary
Line 6:
On [[Unix-like]] operating systems, this feature can be seen as an advanced implementation of the standard [[chroot]] mechanism, which changes the apparent root folder for the current running process and its children. In addition to isolation mechanisms, the kernel often provides [[Resource management (computing)|resource-management]] features to limit the impact of one container's activities on other containers. Linux containers are all based on the virtualization, isolation, and resource management mechanisms provided by the [[Linux kernel]], notably [[Linux namespaces]] and [[cgroups]].<ref>{{cite web|url=http://www.netdevconf.org/1.1/proceedings/slides/rosen-namespaces-cgroups-lxc.pdf|title=Namespaces and Cgroups, the basis of Linux Containers|first=Rosen|last=Rami|access-date=18 August 2016}}</ref>
 
The term ''container'', while most popularly referring to OS-level virtualization systems, is sometimes ambiguously used to refer to fuller [[virtual machine]] environments operating in varying degrees of concert with the host OS, e.g., [[Microsoft|Microsoft's]] ''[[Hyper-V]] containers''. A more historic overview of [[virtualization]] in general since 1960 can be found in the [[Timeline of virtualization development]].
 
== Operation ==
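
Review bot: The cite web template at the end of the first paragraph has `first=Rosen|last=Rami`, which looks like the given and family names are swapped; please check the author line on the slides and, if so, change it to `first=Rami|last=Rosen`. The same reference links to netdevconf.org over plain http and carries no publisher or date field, so it would be worth adding those while the reference is being touched. The edit summary mentions a newly cited AWS blog on EBS, but the only reference visible in these lines is the netdevconf slide deck, so the placement and relevance of that new citation cannot be checked from this part of the diff.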