LXC is a userspace interface for the Linux kernel containment features. Through a powerful API and simple tools, it lets Linux users easily create and manage system or application containers.
The linux containers, lxc, aims to use these new functionalities to provide a userspace container object which provides full resource isolation and resource control for an application or a system.
Linux container技术的目标是为应用程序或系统提供完整的资源隔离和控制。LXC项目通过提供一组API接口和工具,可以让其他程序方便地使用Linux container技术。
The container technology is actively being pushed into the mainstream linux kernel. It provides the resource management through the control groups aka process containers and resource isolation through the namespaces.
Linux container技术cgroups(control groups)和namespaces实现。两者的功能如下:
cgroups = limits how much you can use;
namespaces = limits what you can see (and therefore use)
Cgroups限制了你能够拥有的资源,而namespces限制了你能够看到的资源。
参考资料:
LXC;
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic。