LinuxQuestions.org


newbiesforever 11-25-2017 01:11 PM

what is a Linux container? what's it for?
 
Just noticed this evidently new sub-forum. Linux container? I haven't heard that term. What does it mean? Or, what does a Linux container do and why would we want one?

I found this on the Wikipedia page. I'm figuring out that the key seems to be:
Quote:

...allows limitation and prioritization of resources (CPU, memory, block I/O, network, etc.) without the need for starting any virtual machines, and also namespace isolation functionality that allows complete isolation of an application's view of the operating environment, including process trees, networking, user IDs and mounted file systems.
My knowledge is only good enough to vaguely understand that. But it seems to indicate that enhancing security was the point. The giveaways are using "isolation" twice and, elsewhere on the page, mentioning chroot jails. Am I right?

wpeckham 11-26-2017 08:14 AM

If I may suggest some light reading, you will want to research packages and documentation for things like LXC (or LXD) and OpenVZ for some different kinds of Linux containers. Some Ubuntu documentation will only discuss one kind or another as if they were the entire world, but in fact there are several different types of Linux Containers. Read for general concepts first, rather than getting hung up on one particular implementation.

Using LXC style containers is more like chroot jails, isolating as little as a single process or an entire system environment much like full or paravirtualization. An OpenVZ style container is designed to support complete Linux system environments with even better separation and isolation, and greater power. (The latest OpenVZ also supports full virtualization alongside containers.) And these are just two examples; there are others.

Containers do virtualization using the kernel, and so are limited to the processes and systems that are supported by that kernel. They offer fine control, and much better density and performance as compared to full virtualization that must RUN a separate kernel. They are built faster, start faster, run faster, shut down faster, and provide much better server ROI: better even than full virtualization can.

Wonderfully interesting tools. We in IT get the very BEST toys to work with! ;-)

Habitual 11-26-2017 08:55 AM

Docker's definition:

A container image is a lightweight, stand-alone, executable package of a piece of software that includes everything needed to run it: code, runtime, system tools, system libraries, settings. Available for both Linux and Windows based apps, containerized software will always run the same, regardless of the environment. Containers isolate software from its surroundings, for example differences between development and staging environments and help reduce conflicts between teams running different software on the same infrastructure.

What is a container?

Tupperware for "stuff" ;)

JockVSJock 11-26-2017 06:02 PM

Developer 101 has a good overview. The article is a few years old; however, it still has some good information.

https://www.developer.com/design/containers-101.html

One thing to note is that with a VM, hardware allocation is locked in, whereas a container, like Docker, takes only what it needs. Pretty good stuff, especially where I work: I always see VMs that are over-allocated with RAM and storage and never doing anything with it.

sundialsvcs 11-28-2017 01:52 PM

A Linux container is similar in concept – but not in implementation – to "a chroot jail, on steroids." :)

"Virtual Machines" are often used merely as a mechanism for providing isolation. But, "if isolation is all that you really need," virtual machines are an inefficient way to do it. Containers provide an alternative way of satisfying the same isolation requirements, albeit in a fundamentally different way than virtual machines do.

The Linux kernel now has a combination of facilities which, when used together, can put "rose-colored glasses" on a process and also strictly confine its resource usage. "Containers," then, provide a convenient way to cause all of these separate facilities to work seamlessly together, in order to create for a process (group) the illusion that it is operating in an isolated environment and that it is in charge of that environment. In reality, the process is being directly executed by the Linux host.

Since containers are basically just a set of rules, they can be created and destroyed almost instantaneously, and they have none of the overhead of virtual machines. Furthermore, you aren't having to deal with the influence of the hypervisor: everything is actually being done by the host Linux OS and is directly managed by its various schedulers. If your particular requirements can be satisfied by containers, they're the way to go.

There are several types of containers, depending on the exact level and nature of isolation that you require. They employ the underlying Linux kernel facilities in different ways to satisfy different objectives.
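
Added example, not part of the original post or of any container project's code: the kernel facilities described above are visible from the host, because every process has namespace links under /proc/<pid>/ns, and a containerized process is an ordinary host process whose links point at different namespaces. The function names and the sample inode values are constructed for illustration.

```python
import os
import re

# Namespace types commonly exposed under /proc/<pid>/ns.
NS_TYPES = ("cgroup", "ipc", "mnt", "net", "pid", "user", "uts")
_LINK = re.compile(r"^(\w+):\[(\d+)\]$")

def parse_ns_listing(text):
    """Parse whitespace-separated links like 'mnt:[4026531840]' into {type: inode}."""
    result = {}
    for token in text.split():
        m = _LINK.match(token)
        if m and m.group(1) in NS_TYPES:
            result[m.group(1)] = int(m.group(2))
    return result

def read_ns(pid):
    """Read the namespace links of a live process from /proc/<pid>/ns."""
    links = []
    for name in NS_TYPES:
        try:
            links.append(os.readlink(f"/proc/{pid}/ns/{name}"))
        except OSError:
            continue  # type not supported by this kernel, or permission denied
    return parse_ns_listing("\n".join(links))

def isolation_report(host, proc):
    """Same inode means the process shares that namespace with the host."""
    report = {}
    for name in NS_TYPES:
        if name not in host or name not in proc:
            report[name] = "unknown"
        elif host[name] == proc[name]:
            report[name] = "shared"
        else:
            report[name] = "isolated"
    return report

# Constructed sample values, not captured from a real system.
HOST_SAMPLE = """cgroup:[4026531835] ipc:[4026531839] mnt:[4026531840]
net:[4026531992] pid:[4026531836] user:[4026531837] uts:[4026531838]"""
CONTAINER_SAMPLE = """cgroup:[4026531835] ipc:[4026532278] mnt:[4026532276]
net:[4026531992] pid:[4026532279] uts:[4026532277]"""

if __name__ == "__main__":
    report = isolation_report(parse_ns_listing(HOST_SAMPLE),
                              parse_ns_listing(CONTAINER_SAMPLE))
    for ns, state in report.items():
        print(f"{ns:7} {state}")
```

On a live system, isolation_report(read_ns(1), read_ns(pid)) run as root on the host gives the same comparison; a "shared" net or pid entry means the process sees the host's network stack or process tree.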

simosx 12-02-2017 04:43 AM

In a virtual machine (VM), the computer virtualizes a whole computer.
Inside the virtual machine you install a full operating system.
This thing takes a lot of system resources and you can have just a couple of VMs on your computer.

However, a Linux container (https://linuxcontainers.org/) does about the same as a VM,
but does not take that many resources. You can have many more Linux containers on a single computer than VMs.
On my desktop computer I happen to be running five Linux containers right now.

There are several ways to get Linux containers on your Linux computer.
My preference is to use LXD (pre-installed on Ubuntu, but can also be installed on other distributions).
LXD is management software for Linux containers that helps you avoid many manual tasks.

Linux containers (with LXD) are so lightweight, that you can test them from your Web browser (for free)!
Go through the tutorial at https://linuxcontainers.org/lxd/try-it/ and you will get a good understanding of how they work.
On that website, they create an LXC (well LXD/LXC container) for you over the browser, and inside there they let you create your own containers (nested containers).

You can also run GUI apps inside an LXC container with full hardware acceleration! See https://blog.simos.info/how-to-run-g...buntu-desktop/ for more.

