Prime Time for Linux Containers

by Christoph Mitasch (Thomas-Krenn.AG)

During the past months Linux containers have made big steps towards becoming production ready.

LXC 1.0 will be released in February 2014. It will be the first stable LXC release ever, and thanks to its inclusion in Ubuntu 14.04 LTS it will be supported for 5 years.

In the past Linux containers have often been considered insecure. Several kernel features have since greatly improved their security: capabilities, cgroups, AppArmor/SELinux and seccomp.

Starting with kernel 3.12 (user namespaces) and LXC 1.0, unprivileged containers become a reality. That means containers can run as unprivileged users, so breaking out of a container no longer yields root privileges on the host.
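The mechanism behind that claim is the uid map of the user namespace: the kernel exposes it per process as `/proc/<pid>/uid_map`, one line per range in the form `<inside-start> <outside-start> <count>`. The following Python snippet is an added example, not code from the abstract, LXC or any project mentioned here; it parses that format and translates ids in both directions so you can see that "root" inside an unprivileged container is just an ordinary, high-numbered uid on the host, whereas a privileged container's identity map makes container root equal to host root. The sample map contents and the uid range 100000-165535 are constructed values typical of an unprivileged LXC setup, not taken from the page.

```python
"""Translate ids across a Linux user namespace using the uid_map format.

Added example for illustration; it assumes the standard uid_map layout
"<inside-start> <outside-start> <count>" and the kernel's default
overflow uid (65534, "nobody") for ids that are not mapped.
"""

OVERFLOW_UID = 65534  # kernel default for /proc/sys/kernel/overflowuid

# Constructed sample: what /proc/<container-init-pid>/uid_map might show for an
# unprivileged container whose uids 0..65535 map to host uids 100000..165535.
UNPRIVILEGED_UID_MAP = "         0     100000      65536\n"

# Constructed sample of a privileged (identity-mapped) container, where
# uid 0 inside is literally uid 0 on the host.
PRIVILEGED_UID_MAP = "         0          0 4294967295\n"


def parse_uid_map(text):
    """Parse uid_map/gid_map text into a list of (inside, outside, count) tuples."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if len(parts) != 3:
            raise ValueError("malformed uid_map line: %r" % line)
        inside, outside, count = (int(p) for p in parts)
        if count <= 0 or inside < 0 or outside < 0:
            raise ValueError("invalid range in uid_map line: %r" % line)
        entries.append((inside, outside, count))
    return entries


def container_to_host_uid(uid, entries):
    """Host uid that a process with `uid` inside the namespace really runs as.

    Returns None for ids that are not mapped: a process inside the namespace
    cannot assume such an id at all (setuid fails), so it has no host identity.
    """
    for inside, outside, count in entries:
        if inside <= uid < inside + count:
            return outside + (uid - inside)
    return None


def host_to_container_uid(uid, entries):
    """How a host uid appears from inside the namespace (e.g. file ownership).

    Host ids outside every mapped range are shown as the overflow uid.
    """
    for inside, outside, count in entries:
        if outside <= uid < outside + count:
            return inside + (uid - outside)
    return OVERFLOW_UID


def container_root_is_host_root(entries):
    """True only if uid 0 inside the namespace corresponds to host uid 0."""
    return container_to_host_uid(0, entries) == 0


if __name__ == "__main__":
    unpriv = parse_uid_map(UNPRIVILEGED_UID_MAP)
    priv = parse_uid_map(PRIVILEGED_UID_MAP)
    print("unprivileged: container uid 0 -> host uid", container_to_host_uid(0, unpriv))
    print("unprivileged: host uid 0 seen from inside as", host_to_container_uid(0, unpriv))
    print("unprivileged container root is host root:", container_root_is_host_root(unpriv))
    print("privileged container root is host root:", container_root_is_host_root(priv))
```

On a live system the same functions can be fed the text of `/proc/self/uid_map` (or the map of a container's init process) to check what a given container's root actually amounts to on the host; a map whose first range starts at host uid 0 is the case the abstract describes as dangerous.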

Last year Google also disclosed that it has been using container features (mainly cgroups) for its services since 2007. In October it published its container management tool lmctfy (Let Me Contain That For You).

We now have three stable container management tools: LXC, OpenVZ and lmctfy. In addition there are higher-level tools such as Docker.

About the author Christoph Mitasch:

Christoph Mitasch works as a technology specialist at Thomas-Krenn.AG. He is currently responsible for maintaining and advancing the webshop infrastructure. Starting with a university project in 2002, he has acquired in-depth knowledge in the area of high availability and data replication on Linux. After a few years at IBM, he joined Thomas-Krenn.AG and developed a Linux HA cluster solution with integrated virtualization. Christoph has spoken at LinuxTag, LinuxCon Europe, Linuxwochen, CeBIT and Systems.