Ubuntu Server containers (e.g. LXC, OpenVZ)

Registered by Stéphane Graber

While regular virtualization (kvm/virtualbox/vmware/...) is great, it still has to virtualize a whole computer including the BIOS and run its own kernel.

In most cases that isn't necessary, and some kind of "chroot" with quotas on the main resources (CPU, memory, network, disk) would be enough.
That's what contextualization technologies let you do. The best known is probably OpenVZ (Virtuozzo), but Vserver and LXC also exist.

LXC is the mainline implementation of contextualization; it has been built into the kernel since 2.6.28 and works well as of 2.6.31.
It would be good for the next LTS (10.04) to support both virtualization and contextualization, and so cover everybody's needs.

Blueprint information

Status: Complete
Approver: Jos Boumans
Priority: Low
Drafter: Soren Hansen
Direction: Approved
Assignee: Stéphane Graber
Definition: Approved
Series goal: Accepted for lucid
Implementation: Implemented
Milestone target: lucid-alpha-3
Started by: Jos Boumans
Completed by: Stéphane Graber

Whiteboard

ttx review (20091130) -- Looks good to me.
mdz review 2009-11-30: Includes a user story about an upgrade path, but it does not specify an action/result and design does not address this. Please add bug titles to the work item list, rather than just opaque bug numbers. Design section includes an unanswered question. Made some edits for clarity.
jib review 2009-12-18: I would like to discuss this spec at our next meeting on January 6th to make sure we are all aligned.

Status:
on track

Work items for lucid-alpha-3:
Bug: #480739: DONE
[soren] Extend VMBuilder to be able to bootstrap a container: DONE
[soren] libvirt needs to build against libcapng: DONE
need to sync libcapng from Debian: DONE
[jdstrand] Bug #480478: DONE
[stgraber] Review state of libvirt 0.7.2 + LXC (lxc is OK, 0.7.5 will need to build against libcapng): DONE
[stgraber] Try to boot a Lucid container on Lucid (failed, will need some init script to fix that): DONE
[stgraber] Get the latest LXC userspace tools in the archive: DONE
[stgraber] Do a MIR for the LXC userspace: DONE

Nice to have items:
 * enhance libvirt apparmor for lxc coverage. This requires adding sVirt security driver hooks to the LXC support in libvirt. Currently, libvirt only has security driver hooks for qemu, so this will require significant effort and coordination with upstream.
