• Home
  • Archive
  • Tools
  • Contact Us

The Customize Windows

Technology Journal

  • Cloud Computing
  • Computer
  • Digital Photography
  • Windows 7
  • Archive
  • Cloud Computing
  • Virtualization
  • Computer and Internet
  • Digital Photography
  • Android
  • Sysadmin
  • Electronics
  • Big Data
  • Virtualization
  • Downloads
  • Web Development
  • Apple
  • Android
Advertisement
You are here:Home » How OS-Level Virtualization Works

By Abhishek Ghosh March 13, 2023 3:46 pm Updated on March 13, 2023

How OS-Level Virtualization Works

Advertisement

OS-level virtualization is a method of allowing multiple instances of an operating system (as “guests”) to use the kernel of a host system in isolation from each other. In contrast to virtualization using a hypervisor, container virtualization has some limitations like its guests but is considered to be particularly resource-efficient.

The Docker software became popular in IT in 2013, among other things through intensive cooperation with Red Hat and the integration into their product OpenShift. However, there had been similar projects before. On an ordinary operating system, any program can usually view and use all system resources. Among other things:

  • Usable hardware (components), such as CPU and network
  • Storage (read/write), folder structures, and network storage
  • Peripherals such as keyboard, webcam, scanner and printer.

The operating system may restrict access to such resources depending on the user and context under which the process is running. Containerization can be used to manage which system resources are allocated to the processes in the container.

Advertisement

---

In 1979, the developers of Unix introduced the chroot system call, with which a part of the file system could be isolated from the rest and thus took a first step towards virtualizing the operating system. For many years, the approach was used only sporadically for software testing and server protection purposes, especially among BSD-Unix derivatives, who developed it further under the name Jails. Even though there were activities among Linux developers in the late 1990s with User Mode Linux to start the operating system in the operating system, this approach only received greater attention in professional circles. In the mid-2000s, the open-source project OpenVZ and the Virtuozzo product based on it spread software that allowed web hosts to run many Linux websites on a single server. The Solaris and BSD operating systems each had their implementations of the principle.

Under the impression of these developments, the developers of the Linux kernel had taken precautions to build similar functions into their operating system. These include namespaces, cgroups, and capabilities. Many of these techniques are used under the term LXC, but still require a lot of detailed knowledge of the structure of operating systems and operating system distributions. That changed in 2013 when the company then called dotCloud introduced Docker, which made it easier for application developers to package their software in containers. As a result, several alternatives to Docker have emerged, especially for Linux, including rkt (pronounced Rocket) and the Nspawn subproject of systemd. Some projects and vendors also package container virtualization into products that include other management software, such as orchestration or platform as a service. Examples of this are the projects Kubernetes or OpenShift.

How OS-Level Virtualization Works

 

Realizations of OS-Level Virtualization

 

Many projects and products implement the principle of container virtualization but differ in the scope of which system resources (for example, processes, file system, network interfaces) they virtualize and isolate from each other. Some realizations include:

  • chroot isolates part of the file system from the surrounding rest, making it appear to a process as if the path passed as an argument is the root directory of the file system. However, the process can be easily overturned, which is why it is not suitable as real insulation.
  • Drawbridge
  • UML (User Mode Linux) runs a Linux kernel as a userland process.
  • BSD Jails further develops the idea of chroot for Unix’s BSD derivatives.
  • Solaris Zones was the evolution of Sun Microsystems for its Unix derivative Solaris.
  • OpenVZ is a significant addition to the Linux kernel with features that are similar to LXC’s functionality today. However, the Linux kernel developers have rewritten and generalized most of the functions (namespaces, cgroups). The proprietary variant of OpenVZ is distributed as Virtuozzo by Parallels, Inc.
  • LXD is a Canonical product that is built on top of LXC, but adds many more features, some of which come from hypervisor virtualization.
  • Docker is a container virtualization platform that uses many of the above techniques and complements them with easy-to-use tools and services. This includes, for example, a description of images (Dockerfiles) or a repository that manages such images. The manufacturer of the same name offers many more supplements for the platform, some of them free of charge, others for a fee.
  • systemd-nspawn is a subproject of the systemd framework and was originally intended to test systemd itself without rebooting the machine each time. It uses the Linux-specific namespaces and cgroups.
  • rkt is an alternative implementation of the Docker approach from competitor CoreOS, which had criticized individual design decisions of Docker, which primarily concern security.
  • runC is an attempt to settle the looming schism between Docker and kkt. For this purpose, several manufacturers have founded the Open Container Initiative under the umbrella of the Linux Foundation. runC is only a runtime environment and does not include many features of other container virtualization platforms.
  • Podman is a container manager that can run without a daemon and is based on the concept of Kubernetes Pods Podman is an evolution of Skopeo by Redhat.

 

Conclusion

 

Most realizations of container virtualizations come from the environment of the operating system family Unix. It became popular especially in the context of Linux from 2013 through Docker. There are also implementations for the host operating systems Windows and MacOS, which, however, ultimately use a lightweight hypervisor in addition to container virtualization to restart a Linux kernel and then use it with Docker. There is also native container virtualization for operating systems other than Linux, but it has not yet become widely used.

Since all guests of container virtualization use the same kernel, it must have strong mechanisms to realize the isolation of the individual guests. This is not easy with complex software such as a Linux kernel with several hundred system calls and various other ways of communicating with the kernel.

By isolating the file systems, each container uses its own set of system libraries. If vulnerabilities become known in them, such as the Heartbleed vulnerability of the SSL/TLS libraries OpenSSL, a system administrator must update all their instances on one computer instead of just once per server.

Due to the variety of settings and configuration options, containers can be easily set to open up unwanted access possibilities. For example, privileged containers allow more functions to be performed within the container, but weaken the isolation of the containers from the host.

As a service for containers, repositories have been created that offer ready-made images that can be run directly on the container platform. Some of these artefacts are of dubious quality and may contain vulnerabilities due to ignorance or ill will on the part of the providers if they have not been checked before downloading and operating.

Facebook Twitter Pinterest

Abhishek Ghosh

About Abhishek Ghosh

Abhishek Ghosh is a Businessman, Surgeon, Author and Blogger. You can keep touch with him on Twitter - @AbhishekCTRL.

Here’s what we’ve got for you which might like :

Articles Related to How OS-Level Virtualization Works

  • Analysis of Docker in DevOps : Part II

    In first part of the series of articles on Analysis of Docker in DevOps, we discussed the basic terminologies and concepts around Docker and DevOps. As per our previously declaired plan, Dockers implementation will be discussed after discussing the specific requirements within software projects. In this part, requirements will be discussed. IT has several requirements […]

  • Analysis of Docker in DevOps : Part I

    Analysis of Docker in DevOps is a Series of Articles to Discuss the Solving Problems Arising within DevOps and Possible Fields of Application.

  • Navigating the Benefits of Docker Registry

    Docker Registry is a collection of repositories with indexes, access control rules. API is used by the clients to obtain images from repos.

  • How Setup Private Docker Registry on Ubuntu 16.04 LTS Cloud Server

    You Can Have Your Own Docker Registry on Own Cloud Server Instance. Here is How Setup Private Docker Registry on Ubuntu 16.04 LTS Cloud Server.

performing a search on this website can help you. Also, we have YouTube Videos.

Take The Conversation Further ...

We'd love to know your thoughts on this article.
Meet the Author over on Twitter to join the conversation right now!

If you want to Advertise on our Article or want a Sponsored Article, you are invited to Contact us.

Contact Us

Subscribe To Our Free Newsletter

Get new posts by email:

Please Confirm the Subscription When Approval Email Will Arrive in Your Email Inbox as Second Step.

Search this website…

 

Popular Articles

Our Homepage is best place to find popular articles!

Here Are Some Good to Read Articles :

  • Cloud Computing Service Models
  • What is Cloud Computing?
  • Cloud Computing and Social Networks in Mobile Space
  • ARM Processor Architecture
  • What Camera Mode to Choose
  • Indispensable MySQL queries for custom fields in WordPress
  • Windows 7 Speech Recognition Scripting Related Tutorials

Social Networks

  • Pinterest (24.3K Followers)
  • Twitter (5.8k Followers)
  • Facebook (5.7k Followers)
  • LinkedIn (3.7k Followers)
  • YouTube (1.3k Followers)
  • GitHub (Repository)
  • GitHub (Gists)
Looking to publish sponsored article on our website?

Contact us

Recent Posts

  • PowerAmp Settings for Higher Sound QualityOctober 4, 2023
  • Affordable Earphone/IEM for Audiophiles: HiFiMan RE-400 WaterlineOctober 2, 2023
  • What is Hardware Security Module (HSM)September 30, 2023
  • Transducer Technologies of HeadphonesSeptember 28, 2023
  • What is Analog-to-Digital Converter (ADC)September 27, 2023
PC users can consult Corrine Chorney for Security.

Want to know more about us?

Read Notability and Mentions & Our Setup.

Copyright © 2023 - The Customize Windows | dESIGNed by The Customize Windows

Copyright  · Privacy Policy  · Advertising Policy  · Terms of Service  · Refund Policy