
Hi Trent,

On Wed, 17 Oct 2012, Trent W. Buck wrote:

> Peter Ross <Peter.Ross@bogen.in-berlin.de> writes:
>
>> Linux containers are not that new either [...] It just feels more like an "add-on". You may use your SE Linux wizardry to increase security if you don't trust it enough.
>
> I'm not sure where you get that impression. AFAICT, there was OpenVZ, maintained as a third-party fork of linux because it changed lots of little bits all over the shop, and it did a few pragmatic hacks to solve problems. Then there was LXC, which is basically where OpenVZ work is cleaned up and integrated back into the mainline kernel, and becomes a first-class part of the kernel like sysfs or the tcp stack or whatever.
AFAIK it was integrated into the mainline in bits and pieces, starting with cgroups and namespaces in 2.6.29 (2009). FreeBSD jails have been around since 1999.
> Incidentally, I was talking to an fbsd user a while back and he gave me the impression that lxc "containerized" more resources than fbsd jails -- I forget which ones, though.
http://en.wikipedia.org/wiki/Operating_system-level_virtualization#Implement... gives an overview. FreeBSD does not have I/O resource limiting, as far as I know.

Regards
Peter