History of containers in Linux kernel

From OpenVZ Virtuozzo Containers Wiki

This page describes the history of containers in the Linux kernel as a technology, as opposed to the page on the project's history.


  • chroot() was added (?)
  • Mount namespaces (mount points, filesystems etc.)
  • UTS (Unix Time Sharing) namespaces
    • sysname
    • nodename
    • release
    • version
    • machine
    • domainname
  • IPC (System V IPC resources)
  • User namespaces (UID, GID)
  • unshare[1]
  • clone[2]
  • namespaces[3]


  • Cpusets[4] appeared in version 2.6.12 of the Linux kernel. Cpusets provide a mechanism for assigning a set of CPUs and Memory Nodes to a set of tasks.


  • It was Paul Menage’s approach[5] in 2006 of adapting the cpusets mechanism already in the mainline kernel that really moved containerization on Linux forward, requiring minimally intrusive changes with little impact on performance, code quality, complexity, and future compatibility. The result was generic process containers, which were later renamed control groups, or cgroups, to reflect the fact that “this code is an important part of a container solution… it’s far from the whole thing.” Cgroups allow processes to be grouped together, and ensure that each group gets a share of memory, CPU and disk I/O, preventing any one container from monopolizing any of these resources. Kernel namespaces are another key part of a container solution, with Red Hatter Eric W. Biederman’s 2008 user namespaces patches being arguably the most complex and one of the most important namespaces in the context of containers. The implementation of user namespaces allows a process to have its own set of users and, in particular, allows a process root privileges inside a container, but not outside.
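The UTS namespace fields listed above (nodename among them) and the user-namespace point in this entry (root inside the container, not outside) can be seen together in one small program. The following is an added example, not code from the OpenVZ wiki or from the kernel tree: it forks a child, moves the child into a new user namespace plus a new UTS namespace with unshare(2), changes the hostname there, and then confirms that the parent's hostname is untouched. The function name run_in_new_uts_ns, the exit-code enum and the hostname "container-demo" are the example's own choices. Where unprivileged user namespaces are disabled (a sysctl, an AppArmor profile or a seccomp policy), unshare fails with EPERM and the function reports that case instead of failing.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Exit codes the child reports back to the parent (example's own convention). */
enum { CHILD_OK = 0, CHILD_UNSUPPORTED = 2, CHILD_ERROR = 3 };

/*
 * Fork a child that moves itself into a fresh user + UTS namespace and
 * renames the host there.  Return value:
 *   0  child changed its hostname and the parent's hostname is unchanged
 *   1  the kernel (or a sandbox policy) refused the namespaces; nothing checked
 *  -1  unexpected failure, or the parent's hostname changed (isolation broken)
 */
int run_in_new_uts_ns(const char *new_name)
{
    char before[256], after[256];
    if (gethostname(before, sizeof before) != 0)
        return -1;

    /* unshare(CLONE_NEWUSER) is refused (EINVAL) in a multithreaded process,
     * so the namespace work is done in a freshly forked, single-threaded child. */
    pid_t pid = fork();
    if (pid < 0)
        return -1;

    if (pid == 0) {
        /* CLONE_NEWUSER gives an unprivileged process a full capability set in
         * the new user namespace; the UTS namespace created alongside it is
         * owned by that user namespace, so sethostname() is permitted there
         * while the process still has no privilege in the parent namespace. */
        if (unshare(CLONE_NEWUSER | CLONE_NEWUTS) != 0) {
            int refused = errno == EPERM || errno == EACCES ||
                          errno == EINVAL || errno == ENOSYS;
            _exit(refused ? CHILD_UNSUPPORTED : CHILD_ERROR);
        }
        if (sethostname(new_name, strlen(new_name)) != 0)
            _exit(CHILD_ERROR);

        /* Inside the new UTS namespace the nodename is the one we just set. */
        char inside[256];
        if (gethostname(inside, sizeof inside) != 0 || strcmp(inside, new_name) != 0)
            _exit(CHILD_ERROR);
        _exit(CHILD_OK);
    }

    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    if (WEXITSTATUS(status) == CHILD_UNSUPPORTED)
        return 1;
    if (WEXITSTATUS(status) != CHILD_OK)
        return -1;

    /* The parent stayed in the original UTS namespace: its view must be untouched. */
    if (gethostname(after, sizeof after) != 0)
        return -1;
    return strcmp(before, after) == 0 ? 0 : -1;
}

int main(void)
{
    int rc = run_in_new_uts_ns("container-demo");
    if (rc == 0)
        puts("child renamed its host in a private UTS namespace; parent unaffected");
    else if (rc == 1)
        puts("unprivileged user namespaces unavailable here; nothing demonstrated");
    else
        puts("unexpected failure, or the hostname leaked across namespaces");
    return rc < 0;
}
```

Build with `cc -Wall uts_demo.c -o uts_demo` and run it as an ordinary user: on a kernel that permits unprivileged user namespaces the child succeeds and `hostname` on the host still prints the original name, which is exactly the separation the UTS and user namespaces provide. The child's result travels back as an exit code rather than shared memory because after fork(2) the two processes no longer share address space.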


  • Sep 2007: network namespaces. A network namespace is logically another copy of the network stack, with its own routes, firewall rules, and network interfaces. The network namespace is represented by struct net (defined in include/net/net_namespace.h).
  • Jul 2007: PID namespaces, implemented in kernel/pid_namespace.c[6][7].


  • Feb 2008: memory cgroups[8].
  • Apr 2008: device cgroups[9].


  • Mar 2014: NFS virtualization (client and server) support[10][11].


See also