Canonical has published the release of the LXD 5.0 container manager and the LXCFS 5.0 virtual filesystem. LXD is written in Go and is distributed under the Apache 2.0 license. The 5.0 branch is designated a long-term support release; updates will be published until June 2027.
LXC is used as the runtime for starting containers. It includes the liblxc library, a set of utilities (lxc-create, lxc-start, lxc-stop, lxc-ls, etc.), templates for building containers and a set of bindings for different programming languages. Isolation is implemented with standard Linux kernel mechanisms: processes, the network stack, IPC, UTS, user IDs and mount points are isolated with namespaces, and cgroups are used to limit resources. To drop privileges and restrict access, kernel features such as AppArmor and SELinux profiles, seccomp, chroot policies (pivot_root) and capabilities are used.
In addition to LXC, LXD also uses components from the CRIU and QEMU projects. While LXC is a low-level tool for manipulating individual containers, LXD provides tools for centralized management of containers deployed across a cluster of several servers. LXD is implemented as a background process that accepts requests over the network via a REST API and supports various storage backends (directory tree, ZFS, Btrfs, LVM), snapshots that include the container's state, live migration of running containers from one machine to another, and tools for storing container images. LXCFS is used to simulate /proc and /sys inside containers via a pseudo-filesystem and to provide a virtualized cgroupfs view, giving containers the appearance of a formally independent system.
Key improvements:
- Hot plugging and unplugging of disks and USB devices. In a virtual machine, a new disk is detected as a new device appearing on the SCSI bus, and a USB device triggers a USB hotplug event.
- LXD can now start even when a network connection cannot be brought up, for example because a required network device is missing. Instead of failing with an error on startup, LXD now launches as many environments as possible, and the remaining environments are started once the network connection is established.