09-29, 14:30–15:00 (UTC), Kuppel
System containers, the oldest type of containers, focus on running an entire Linux distribution, including all its services in very much the same way it would on a physical system or virtual machine.
System containers come with some unique challenges: users of those containers expect to be able to do pretty much everything that they can on a normal system. This means it’s not possible to restrict those containers as tightly as application containers can be restricted.
It also means that there are extra expectations to be met:
- Being able to add/remove devices to/from a running container
- Loading security profiles inside a container
- Using file capabilities in the container
- Mounting file systems
- Proper reporting of uptime, resource consumption and limits
- Live-migration
In this presentation, we’ll explore some of the existing technologies in use by LXC and LXD to address some of those expectations as well as upcoming kernel and userspace features that will allow system containers to do even more than they do today.
Eric is a sneakernet advocate and general-purpose hopeful. His dream is for computers to A) work, B) work reliably, C) work over time and D) all of the above, anywhere, regardless of internet connectivity. Currently focused on: Reproducible builds -- making them not just possible, but in fact making them so easy and so natural that reproducible builds become the norm.