LXC is a userspace interface for the Linux kernel containment features.
Through a powerful API and simple tools, it lets Linux users easily create
and manage system or application containers.
Current LXC uses the following kernel features to contain processes:
- Kernel namespaces (ipc, uts, mount, pid, network and user)
- Apparmor and SELinux profiles
- Seccomp policies
- Chroots (using pivot_root)
- Kernel capabilities
- CGroups (control groups)
LXC containers are often considered as something in the middle between a chroot and
a full fledged virtual machine. The goal of LXC is to create an environment as close as possible
to a standard Linux installation but without the need for a separate kernel.
LXC is currently made of a few separate components:
- The liblxc library
- Several language bindings for the API:
- A set of standard tools to control the containers
- Distribution container templates