The Linux Containers community has published LXC 6.0, a toolkit for managing isolated containers. It provides a runtime suitable both for launching containers with a full system environment, close to virtual machines, and for running unprivileged containers for individual applications (OCI). LXC is a low-level toolkit that works at the level of individual containers. For centralized management of containers deployed across a cluster of several servers, the Incus and LXD systems are being developed on top of LXC. The LXC 6.0 branch is classified as a long-term support release, with updates produced for 5 years (until 2029). LXC is written in the language and is distributed under the GPLv2 license.
LXC includes the liblxc library, a set of utilities (lxc-create, lxc-start, lxc-stop, lxc-ls, etc.), templates for building containers and a set of bindings for various programming languages. Isolation is implemented with standard Linux kernel mechanisms. Namespaces are used to isolate processes, IPC, UTS, the network stack, user identifiers and mount points. cgroups are used to limit resources. To reduce privileges and restrict access, kernel features such as AppArmor and SELinux profiles, seccomp, chroots (pivot_root) and capabilities are used.
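A defensive check tied to the mechanisms listed above, as an added example that is not part of the original article or of LXC itself: it reads a container config and reports which of the user namespace, AppArmor, seccomp, capability and cgroup controls are missing or disabled. The sample configs are constructed, the function names and finding codes are this example's own, and the config text is assumed to have any lxc.include files already expanded.

```python
# Added example (not LXC project code). Assumes `text` is the container's
# effective config with any lxc.include files already expanded.

def parse_lxc_config(text):
    """Return {key: [values]}; keys such as lxc.idmap may repeat."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (p.strip() for p in line.split("=", 1))
        if value:
            conf.setdefault(key, []).append(value)
        else:
            conf[key] = []          # an empty value clears earlier entries
    return conf

def audit(text):
    """Return finding codes for isolation controls that are missing or disabled."""
    conf = parse_lxc_config(text)
    findings = []
    kinds = {m.split()[0] for m in conf.get("lxc.idmap", [])}
    if "b" not in kinds and not {"u", "g"} <= kinds:
        findings.append("no-userns")            # no uid+gid map: privileged container
    if (conf.get("lxc.apparmor.profile") or [""])[-1] == "unconfined":
        findings.append("apparmor-unconfined")  # last assignment wins
    if not conf.get("lxc.seccomp.profile"):
        findings.append("no-seccomp")
    if not (conf.get("lxc.cap.drop") or conf.get("lxc.cap.keep")):
        findings.append("caps-unrestricted")
    if not any(k.startswith("lxc.cgroup2.") and v for k, v in conf.items()):
        findings.append("no-cgroup-limits")     # checks cgroup v2 keys only
    return findings

# Constructed sample configs (not taken from a real host).
WEAK = """
lxc.apparmor.profile = unconfined
lxc.cap.drop = sys_module
lxc.cap.drop =
"""
HARDENED = """
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
lxc.apparmor.profile = generated
lxc.seccomp.profile = /usr/share/lxc/config/common.seccomp
lxc.cap.drop = sys_module mac_admin mac_override sys_time
lxc.cgroup2.memory.max = 512M
"""
if __name__ == "__main__":
    print("weak:", audit(WEAK), "hardened:", audit(HARDENED))
```

An unset lxc.apparmor.profile is not flagged, because LXC applies its default profile when the host has AppArmor enabled; only an explicit "unconfined" is reported.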
The main changes:
- Added the ability to build a single universal executable, lxc, that combines all commands previously shipped as separate “lxc-*” utilities. The “tools-multicall=true” build option is provided for this; when it is set, all the old separate utilities are created as symbolic links to the lxc utility. Building the tools as one executable can significantly reduce their disk space consumption, which matters for embedded systems.
- A set_timeout function has been added to the liblxc library, which allows setting a timeout for any operation that interacts with the LXC monitor.
- IPv6 support is enabled on the lxcbr0 network bridge interface by assigning addresses from an IPv6 ULA subnet.