LXC
Linux Containers (LXC) is an operating system-level virtualization method for running multiple isolated Linux systems (containers) on a control host using a single Linux kernel. The Linux kernel provides the cgroups functionality that allows limitation and prioritization of resources (CPU, memory, block I/O, network, etc.) without the need for starting any virtual machines, and also the namespace isolation functionality that allows complete isolation of an application's view of the operating environment, including process trees, networking, user IDs and mounted file systems. LXC combines the kernel's cgroups and support for isolated namespaces to provide an isolated environment for applications. Early versions of Docker used LXC as the container execution driver, though LXC was made optional in v0.9 and support was dropped in Docker v1.10. Overview LXC was initially developed by IBM, as part of a collaboration between several parties looking to add namespaces to the k ...

Operating System-level Virtualization
OS-level virtualization is an operating system (OS) virtualization paradigm in which the kernel allows the existence of multiple isolated user space instances, including containers (LXC, Solaris Containers, AIX WPARs, HP-UX SRP Containers, Docker, Podman), zones (Solaris Containers), virtual private servers (OpenVZ), partitions, virtual environments (VEs), virtual kernels (DragonFly BSD), and jails (FreeBSD jail and chroot). Such instances may look like real computers from the point of view of programs running in them. A computer program running on an ordinary operating system can see all resources (connected devices, files and folders, network shares, CPU power, quantifiable hardware capabilities) of that computer. Programs running inside a container can only see the container's contents and devices assigned to the container. On U ...

OS-level Virtualization
OS-level virtualization is an operating system (OS) virtualization paradigm in which the kernel allows the existence of multiple isolated user space instances, including containers (LXC, Solaris Containers, AIX WPARs, HP-UX SRP Containers, Docker, Podman), zones (Solaris Containers), virtual private servers (OpenVZ), partitions, virtual environments (VEs), virtual kernels (DragonFly BSD), and jails (FreeBSD jail and chroot). Such instances may look like real computers from the point of view of programs running in them. A computer program running on an ordinary operating system can see all resources (connected devices, files and folders, network shares, CPU power, quantifiable hardware capabilities) of that computer. Programs running inside a container can only see the container's contents and devices assigned to the container. On Unix-like operating systems, this feature can be seen as an advanced implementation of the standard chroot mechanism, which changes the apparen ...

Cgroups
cgroups (abbreviated from control groups) is a Linux kernel feature that limits, accounts for, and isolates the resource usage (CPU, memory, disk I/O, etc.) of a collection of processes. Engineers at Google started the work on this feature in 2006 under the name "process containers". In late 2007, the nomenclature changed to "control groups" to avoid confusion caused by multiple meanings of the term "container" in the Linux kernel context, and the control groups functionality was merged into the Linux kernel mainline in kernel version 2.6.24, which was released in January 2008. Since then, developers have added many new features and controllers, such as support for kernfs in 2014, firewalling, and unified hierarchy. cgroup v2 was merged in Linux kernel 4.5 with significant changes to the interface and internal functionality. Versions There are two versions of cgroups. Cgroups was originally written by Paul Menage and Rohit Seth, and merged into the mainline Linux ker ...

Docker (software)
Docker is a set of platform as a service (PaaS) products that use OS-level virtualization to deliver software in packages called containers. The service has both free and premium tiers. The software that hosts the containers is called Docker Engine. It was first released in 2013 and is developed by Docker, Inc. Docker is a tool that is used to automate the deployment of applications in lightweight containers so that applications can work efficiently in different environments in isolation. Background Containers are isolated from one another and bundle their own software, libraries and configuration files; they can communicate with each other through well-defined channels. Because all of the containers share the services of a single operating system kernel, they use fewer resources than virtual machines. Operation Docker can package an application and its dependencies in a virtual container that can run on any Linux, Windows, or macOS computer. This enables the appli ...

Chroot
chroot is a shell command and a system call on Unix and Unix-like operating systems that changes the apparent root directory for the current running process and its children. A program that is run in such a modified environment cannot name (and therefore normally cannot access) files outside the designated directory tree. The term chroot may refer to the system call or the command-line utility. The modified environment is called a chroot jail. History The chroot system call was introduced during development of Version 7 Unix in 1979. One source suggests that Bill Joy added it on 18 March 1982 – 17 months before 4.2BSD was released – in order to test its installation and build system. All versions of BSD that had a kernel have chroot(2). An early use of the term "jail" as applied to chroot comes from Bill Cheswick creating a Honeypot ...

OpenVZ
OpenVZ (Open Virtuozzo) is an operating-system-level virtualization technology for Linux. It allows a physical server to run multiple isolated operating system instances, called containers, virtual private servers (VPSs), or virtual environments (VEs). OpenVZ is similar to Solaris Containers and LXC. OpenVZ compared to other virtualization technologies While virtualization technologies such as VMware, Xen and KVM provide full virtualization and can run multiple operating systems and different kernel versions, OpenVZ uses a single Linux kernel and therefore can run only Linux. All OpenVZ containers share the same architecture and kernel version. This can be a disadvantage in situations where guests require different kernel versions than that of the host. However, as it does not have the overhead of a true hypervisor, it is very fast and efficient. Memory allocation with OpenVZ is soft in that memory not used in one virtual environment can be used ...

Linux Namespaces
Namespaces are a feature of the Linux kernel that partition kernel resources such that one set of processes sees one set of resources, while another set of processes sees a different set of resources. The feature works by having the same namespace for a set of resources and processes, but those namespaces refer to distinct resources. Resources may exist in multiple namespaces. Examples of such resources are process IDs, host-names, user IDs, file names, some names associated with network access, and inter-process communication. Namespaces are a required aspect of functioning containers in Linux. The term "namespace" is often used to denote a specific type of namespace (e.g., process ID) as well as for a particular space of names. A Linux system begins with a single namespace of each type, used by all processes. Processes can create additional namespaces and can also join different namespaces. History Linux namespaces were inspired by the wider namespace functionality use ...

Virtual Machine
In computing, a virtual machine (VM) is the virtualization or emulation of a computer system. Virtual machines are based on computer architectures and provide the functionality of a physical computer. Their implementations may involve specialized hardware, software, or a combination of the two. Virtual machines differ and are organized by their function, shown here: * System virtual machines (also called full virtualization VMs, or SysVMs) provide a substitute for a real machine. They provide the functionality needed to execute entire operating systems. A hypervisor uses native execution to share and manage hardware, allowing for multiple environments that are isolated from one another yet exist on the same physical machine. Modern hypervisors use hardware-assisted virtualization, with virtualization-specific hardware features on the host CPUs providing assistance to hypervisors. * Process virtual machines are designed to execute computer programs ...

Virtuozzo (company)
Virtuozzo is a software company that develops virtualization and cloud management software for cloud computing providers, managed services providers and internet hosting service providers. The company's software enables service providers to offer Infrastructure as a service, Container-as-a-Service, Platform as a service, Kubernetes-as-a-Service, WordPress-as-a-Service and other solutions. History The company was founded as SWsoft in 1997 as a privately held server automation and virtualization company. In 2000, the company released the first commercially available operating system-level virtualization container technology. In 2003, SWsoft acquired the makers of Confixx and Plesk web hosting products: Plesk Server Administration (PSA) control panel and Confixx Professional hosting software. Virtuozzo was the core enabling technology behind SWsoft's HSP Complete solution. In 2004, SWsoft acquired Parallels, Inc. In 2005, the company open-sourced its operating system-level virtual ...

ARM Architecture
ARM (stylised in lowercase as arm, formerly an acronym for Advanced RISC Machines and originally Acorn RISC Machine) is a family of RISC instruction set architectures (ISAs) for computer processors. Arm Holdings develops the ISAs and licenses them to other companies, who build the physical devices that use the instruction set. It also designs and licenses cores that implement these ISAs. Due to their low costs, low power consumption, and low heat generation, ARM processors are useful for light, portable, battery-powered devices, including smartphones, laptops, and tablet computers, as well as embedded systems. However, ARM processors are also used for desktops and servers, including Fugaku, the world's fastest supercomputer from 2020 to 2022. With over 230 billion ARM chips produced, ARM is the most widely used ...

User ID
Unix-like operating systems identify a user by a value called a user identifier, often abbreviated to user ID or UID. The UID, along with the group identifier (GID) and other access control criteria, is used to determine which system resources a user can access. The password file maps textual user names to UIDs. UIDs are stored in the inodes of the Unix file system, running processes, tar archives, and the now-obsolete Network Information Service. In POSIX-compliant environments, the shell command id gives the current user's UID, as well as more information such as the user name, primary user group and group identifier (GID). Process attributes The POSIX standard introduced three different UID fields into the process descriptor table, to allow privileged processes to take on different roles dynamically: Effective user ID The effective UID (euid) of a process is used for most access checks. It is also used as the owner for files created by that process. The effectiv ...

Linux-VServer
Linux-VServer is a virtual private server implementation that was created by adding operating system-level virtualization capabilities to the Linux kernel. It is developed and distributed as open-source software. Details The project was started by Jacques Gélinas. It is now maintained by Herbert Pötzl. It is not related to the Linux Virtual Server project, which implements network load balancing. Linux-VServer is a jail mechanism in that it can be used to securely partition resources on a computer system (such as the file system, CPU time, network addresses and memory) in such a way that processes cannot mount a denial-of-service attack on anything outside their partition. Each partition is called a security context, and the virtualized system within it is the virtual private server. A chroot-like utility for descending into security contexts is provided. Booting a virtual priva ...