As I always say: a VM makes an OS believe that it has the machine to itself; a container makes a process believe that it has the OS to itself.
fulafel · 31m ago
I think the linuxcontainers.org people would disagree. Like the table is trying to communicate, in contrast to e.g. Docker, this is not about application containerization.
weikju · 41m ago
I'll have to remember that one!
mappu · 25m ago
VMs also don't always require hardware virtualization - Alibaba's PVM https://lkml.org/lkml/2024/2/26/1263 didn't get upstreamed, but, theoretically the MMU is all you need for complete isolation. This kind of idea is also how VM software worked before VT-x was introduced. And of course QEMU has the TCG which works with no kernel support at all.
reilly3000 · 23m ago
Can someone explain how a system container is more secure than an application container, if that is indeed the case?
skywhopper · 1h ago
What is this? Docker containers can host more than one process/service/app. And why is some product called “Incus” using “linuxcontainers.org” as a domain name?
paulhart · 1h ago
According to their GitHub page, they _are_ linuxcontainers (in a way), and Incus is Apache licensed:
Incus, which is named after the Cumulonimbus incus or anvil cloud started as a community fork of Canonical's LXD following Canonical's takeover of the LXD project from the Linux Containers community.
The project was then adopted by the Linux Containers community, taking back the spot left empty by LXD's departure.
Incus is a true open source community project, free of any CLA and remains released under the Apache 2.0 license. It's maintained by the same team of developers that first created LXD.
LXD users wishing to migrate to Incus can easily do so through a migration tool called lxd-to-incus.
incus is the truly open source version of lxc/lxd. It is stable and incredible. I manage dozens of machines and want for nothing, and most importantly, pay nothing for that luxury.
jiggawatts · 2h ago
It's a bad sign that the first table on the page is full of errors.
"Can host a single app" -- not true either. It's just bad practice to host multiple apps in a single container, but it's definitely possible.
IMHO it's not very nice to use the generic-sounding "linuxcontainers.org" domain exclusively for LXC-related content there.
weikju · 2h ago
On incus/lxd it is true their containers can only be Linux..
Not sure about the one app thing but that’s the general design of those as well I suppose.
jiggawatts · 2h ago
Which just validates my point that a generic-sounding domain is the wrong place to host content that even within the Linux ecosystem is a relatively minor player.
chucky_z · 1h ago
lxc is used really frequently in the home space (jellyfin/plex for instance). A lot of Proxmox use cases as well which is growing in popularity extremely rapidly.
esseph · 2m ago
I really wish I could just run regular docker or oci containers in Proxmox.
jiggawatts · 1h ago
Which is small in the scope of things when Docker Desktop and containerd are both used at far larger scales.
cyberge99 · 1h ago
I’m not sure I follow. Are you suggesting OP has an incorrect apex domain name?
9dev · 1h ago
It’s like selling Pepsi exclusively on soda.org.
weikju · 1h ago
Don’t give them any ideas!!!
TrueDuality · 1h ago
LXC far predates docker regardless of size or impact. It's not disingenuous if you were literally the foundation docker was able to package into a shiny accessible tool.
wutwutwat · 1h ago
linux containers, be it a lxd container, or a containerd/dockerd one, only run on linux hosts.
windows containers, only run on windows hosts.
when you run a linux container on a windows host, you're actually running a linux container inside of a linux vm on top of a windows host.
containers share the host operating system's kernel. it is impossible for a linux container (which is just a linux process) to execute and share the windows kernel. the reverse is true, a windows container (which is just a process) cannot execute and share the linux kernel
the article is correct, linux containers can only execute on a linux host
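Added example, not part of the thread or any commenter's code: the kernel-sharing point above shows up in `/proc/<pid>/ns`, where a containerized process differs from the host only in namespace inode numbers, and no namespace type covers the kernel itself. The sample links, the inode numbers and the `ISOLATING` set are constructed assumptions.

```python
import os
import re

NS_LINK = re.compile(r"^(\w+):\[(\d+)\]$")  # link target, e.g. "pid:[4026531836]"
# Assumption: the namespaces we expect a container to own privately.
ISOLATING = {"mnt", "pid", "net", "ipc", "uts"}

def read_ns(pid="self"):
    """Read the live links under /proc/<pid>/ns (Linux only; other pids may need root)."""
    base = f"/proc/{pid}/ns"
    return {n: os.readlink(os.path.join(base, n)) for n in os.listdir(base)}

def parse_ns(links):
    """Map namespace name -> inode number, skipping malformed targets."""
    parsed = {}
    for name, target in links.items():
        m = NS_LINK.match(target)
        if m:
            parsed[name] = int(m.group(2))
    return parsed

def compare(host_links, proc_links):
    """Return (private, shared) namespace names of a process relative to the host."""
    host, proc = parse_ns(host_links), parse_ns(proc_links)
    common = host.keys() & proc.keys()
    private = sorted(n for n in common if proc[n] != host[n])
    shared = sorted(n for n in common if proc[n] == host[n])
    return private, shared

def host_exposure(host_links, proc_links):
    """Namespaces a container should own but still shares with the host."""
    _, shared = compare(host_links, proc_links)
    return sorted(ISOLATING & set(shared))

# Constructed sample data (inode numbers are made up for illustration).
HOST = {"cgroup": "cgroup:[4026531835]", "ipc": "ipc:[4026531839]",
        "mnt": "mnt:[4026531841]", "net": "net:[4026531840]",
        "pid": "pid:[4026531836]", "user": "user:[4026531837]",
        "uts": "uts:[4026531838]"}
ISOLATED = {"cgroup": "cgroup:[4026532701]", "ipc": "ipc:[4026532699]",
            "mnt": "mnt:[4026532697]", "net": "net:[4026532702]",
            "pid": "pid:[4026532700]", "user": "user:[4026531837]",
            "uts": "uts:[4026532698]"}
# Same container, but started sharing the host's network and PID namespaces.
HOST_SHARING = dict(ISOLATED, net=HOST["net"], pid=HOST["pid"])

if __name__ == "__main__":
    print(compare(HOST, ISOLATED))             # every view private except user
    print(host_exposure(HOST, HOST_SHARING))   # isolation gaps worth flagging
```

On a live host, `compare(read_ns(1), read_ns(pid))` gives the same report for a real container process. Even with every namespace private, system calls from that process are still served by the host's kernel.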
worik · 1h ago
Very cool...
In my experience it has gotta be Docker. For these reasons:
1. I said so
2. I'm the boss
3. Goto 1.
https://github.com/lxc/incus
"Can only host Linux" -- Windows Containers are a thing too: https://learn.microsoft.com/en-us/virtualization/windowscont...