Release of the LXC 5.0 container management system

Canonical has published the release of LXC 5.0, a toolkit for running isolated containers. It provides a runtime suitable both for launching containers with a full system environment close to a virtual machine and for running unprivileged containers of individual applications (OCI). LXC is a low-level tool that operates at the level of individual containers; the LXD system, built on top of LXC, provides centralized management of containers deployed across a cluster of several servers. The LXC 5.0 branch is designated a long-term support release, for which updates will be produced for 5 years. LXC is written in C and is distributed under the GPLv2 license.

LXC includes liblxc, a set of utilities (lxc-create, lxc-start, lxc-stop, lxc-ls, etc.), templates for building containers, and a set of bindings for various programming languages. Isolation relies on standard Linux kernel mechanisms: namespaces isolate processes, IPC, UTS, the network stack, user identifiers and mount points; cgroups limit resources; and privilege reduction and access restriction use kernel facilities such as AppArmor and SELinux profiles, seccomp, chroots (pivot_root) and capabilities.

The main changes:

  • The build system has moved from Autotools to Meson, which is also used to build projects such as X.org Server, Mesa, Lighttpd, systemd, GStreamer, Wayland, GNOME and GTK.
  • New options for configuring cgroups have been added: lxc.cgroup.dir.container, lxc.cgroup.dir.monitor, lxc.cgroup.dir.pivot and lxc.cgroup.dir.container.inner, which explicitly define the cgroup paths for the container, for the monitor process and for nested cgroup hierarchies.
  • Support for time namespaces has been added, binding a separate system clock state to the container so that the time inside the container can differ from the host's. The options lxc.time.offset.boot and lxc.time.offset.monotonic are provided to set the container's offset from the host's boot-time and monotonic clocks.
  • VLAN support has been implemented for virtual Ethernet adapters (veth). VLANs are controlled with the options veth.vlan.id, which sets the primary VLAN, and veth.vlan.tagged.id, which attaches additional tagged VLANs.
  • For virtual Ethernet adapters, the number of receive and transmit queues can now be set with the new options veth.n_rxqueues and veth.n_txqueues.
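As an added illustration of the new options listed above (this fragment is not from the announcement or the LXC project), below is a container configuration in the lxc.container.conf format that places the container, its monitor and its inner hierarchy in explicit cgroups, shifts the container's clocks, and attaches the veth interface to tagged VLANs with a fixed queue count. The container name, rootfs path, id-map range, cgroup directory names, VLAN ids, offsets and queue counts are constructed sample values, and the unit suffix on the time offsets is an assumption about the option's value syntax; the network options are written with the lxc.net.0. prefix that per-interface veth settings use.

```ini
# Constructed example: /var/lib/lxc/demo/config (container name and paths are assumptions)
lxc.uts.name = demo
lxc.rootfs.path = dir:/var/lib/lxc/demo/rootfs

# Unprivileged container: container uid/gid 0-65535 map to an unprivileged host range,
# so a root process in the container holds no privilege on the host
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536

# Explicit cgroup placement (new in LXC 5.0). Keeping the monitor (lxc-start itself)
# in a different subtree from the payload means a runaway container cannot starve
# the process that supervises it; the inner directory is what the container's init gets.
lxc.cgroup.dir.container = lxc.payload/demo
lxc.cgroup.dir.monitor = lxc.monitor/demo
lxc.cgroup.dir.container.inner = init.scope

# Time namespace (new in LXC 5.0): the container's CLOCK_BOOTTIME and CLOCK_MONOTONIC
# are shifted relative to the host; "1h" assumes the documented unit-suffix syntax
lxc.time.offset.boot = 1h
lxc.time.offset.monotonic = 1h

# veth interface with VLAN tagging (new in LXC 5.0): untagged traffic on VLAN 10,
# tagged traffic additionally allowed on VLANs 20 and 30; the bridge name is assumed
lxc.net.0.type = veth
lxc.net.0.link = br0
lxc.net.0.flags = up
lxc.net.0.veth.vlan.id = 10
lxc.net.0.veth.vlan.tagged.id = 20
lxc.net.0.veth.vlan.tagged.id = 30

# Queue counts for the veth pair (new in LXC 5.0)
lxc.net.0.veth.n_rxqueues = 4
lxc.net.0.veth.n_txqueues = 4

# Confinement mechanisms mentioned in the article: AppArmor profile and capability drop
lxc.apparmor.profile = generated
lxc.cap.drop = sys_admin sys_module
```

With this file in place the container is started with `lxc-start -n demo` and listed with `lxc-ls`, both from the utility set named above; on a host without an AppArmor-enabled kernel the `lxc.apparmor.profile` line is ignored, and the VLAN options only take effect when the bridge itself is VLAN-aware.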