At this year's Linux Kernel Summit and Linux Symposium that took place in Ottawa, one of the topics of discussion that was highly talked about centered around containers or kernel-level virtualization technology and how to get this feature into the Linux kernel.

Most of the kernel people in attendance believed that containers would be a good feature to add into the Linux kernel. Unfortunately, there are many different implementations of the technology already being worked on by several different groups. Solutions and products that are already being worked on include: OpenVZ, Virtuozzo, Sun Solaris Containers, Linux-VServer, among others. And so, the overall feeling was that the mainstream code should be the result of a concensus between all of the implementations.

OpenVZ's Kir Kolyshkin and Kirill Korotaev attended the sessions, and they describe in the OpenVZ Blog what they believe these different groups are aiming for:

Eric Biederman wants to have so-called namespaces in kernel. Namespaces are basically a building blocks of containers, for example, with user namespace we have an ability to have the same root user in different containers; network namespace gives an ability to have a separate network interface; process namespace is when you have an isolated set of processes. All the namespaces combined together creates a container. But, as Eric states, an ability to use not all but only selected namespaces gives endless possibilities to a user.




IBM people want application containers, and for them the main purpose of such containers is live migration of those. The difference between app. container and the "full" (system) container is a set of features: for example, an application container might lack /proc virtualization, devices, pseudo-terminals (needed to run ssh, for example) etc. So, an application container might be seen as a subset of a system container.




OpenVZ wants system containers that resemble the real system as much as possible. In other words, we want to preserve existing kernel APIs as much as possible inside a container, so all of the existing Linux distributions and applictions should run fine inside a container without any modifications. Of course, the goal is not 100% achievable, for example we do not want the container to be able to set the system time.




Linux-VServer wants just about the same as OpenVZ, it's only that their implementations of various components are different, and their level of a container resembling a real system is a bit lower (for example, in networking).

Kir is optimistic. He concludes that the task will not be an easy one, but that it is indeed doable. It was a huge step getting everyone together in person to discuss everything, and having the kernel developers onboard will go a long way to help merge the technology into mainstream code. However, consensus remains the key.

Posted by David Marshall on July 29, 2006 08:51 PM