In recent years, using containers in Linux has revolutionized the whole software industry’s approach to how software is built. Nowadays, when it comes to containerized services, technologies like Docker and Podman have become the industry standard.
However, not everyone knows that the ability to run Linux containers using LXC has been supported as a core feature of Linux since 2008.
LXC (Linux Containers) was the first and most complete Linux container manager implementation. Moreover, it runs on a single Linux kernel and does not require any patches. In other words, LXC container support is native functionality built into the Linux kernel.
Recently, LXC’s developers have finally launched LXC 5.0 LTS. So let’s have a look at the new features.
LXC 5.0 Highlights
LXC 5.0 is the result of two years of development since the last LXC 4.0 release. So, we’ll start with the most significant fact: LXC 5.0 is an LTS (Long Term Support) release.
This means it will receive regular security and feature updates for the next five years, until 2027. Keep that in mind if you are planning your IT infrastructure for the long run, especially if LXC is involved.
The second thing to mention is that this release uses Meson as its build system. Of course, this is a particularly important change only for packagers because it otherwise has no user-visible impact.
For those new to LXC, we would like to clarify that the fundamental Linux components on which it relies are namespaces and cgroups. LXC 5.0 has added improvements in both areas.
Cgroups (Control Groups) in Linux allow you to distribute resources such as CPU time, system memory, and network bandwidth, as well as combinations of these resources, among user-defined groups of processes executing on a system.
LXC 5.0 introduces four new cgroup configuration options:
- lxc.cgroup.dir.container
- lxc.cgroup.dir.monitor
- lxc.cgroup.dir.monitor.pivot
- lxc.cgroup.dir.container.inner
These allow you to specify which cgroup paths will be used for the container, the monitor process, and the monitor process upon container termination. On top of that, perhaps the most notable change is that the container cgroup can now be placed within a nested cgroup.
Among the LXC 5.0 highlights are the changes made regarding time namespace support. Namespaces are a feature of the Linux kernel that separates kernel resources. That means that one set of processes is restricted to only one set of resources while another set of processes sees a different set of resources.
LXC 5.0 now supports configuring the time namespace via two new options that apply an offset on top of the main system clock.
- lxc.time.offset.boot
- lxc.time.offset.monotonic
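As an added example (not code from the LXC project or its announcement), the Python sketch below lints a container config for the new cgroup and time-offset keys listed above, so a misconfigured cgroup layout is caught before the container is started. The pairing rules and offset unit suffixes it checks are assumptions taken from the lxc.container.conf man page; the sample config, cgroup paths and finding names are constructed.

```python
import re

# Key names are from the article; the rules are assumed from lxc.container.conf(5).
CG = "lxc.cgroup.dir"
OFFSET_KEYS = ("lxc.time.offset.boot", "lxc.time.offset.monotonic")
OFFSET_RE = re.compile(r"^[+-]?\d+\s*(h|m|s|ms|us|ns)$")  # assumed format

def parse_config(text):
    """Parse 'key = value' lines, skipping blanks and '#' comments."""
    conf = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and not key.lstrip().startswith("#"):
            conf[key.strip()] = value.strip()
    return conf

def is_subpath(child, parent):
    """True if cgroup path 'child' equals or lies below 'parent'."""
    c, p = ([s for s in x.split("/") if s] for x in (child, parent))
    return c[:len(p)] == p

def lint(text):
    """Return finding names (constructed labels) for one container config."""
    conf, findings = parse_config(text), []
    container, monitor = conf.get(CG + ".container"), conf.get(CG + ".monitor")
    pivot = conf.get(CG + ".monitor.pivot")
    if container and CG in conf:  # mutually exclusive with lxc.cgroup.dir
        findings.append("container-with-legacy-dir")
    if bool(container) != bool(monitor):  # must be used together
        findings.append("container-monitor-unpaired")
    if conf.get(CG + ".container.inner") and not (container and monitor):
        findings.append("inner-has-no-effect")
    others = (conf.get(CG), container, monitor)
    if pivot and any(o and is_subpath(pivot, o) for o in others):
        findings.append("pivot-inside-other-cgroup")
    for key in OFFSET_KEYS:
        if key in conf and not OFFSET_RE.match(conf[key]):
            findings.append("bad-offset:" + key)
    return findings

# Constructed sample config that violates every rule above.
BAD = """
lxc.cgroup.dir = legacy
lxc.cgroup.dir.container = lxc.payload/web1
lxc.cgroup.dir.container.inner = ns
lxc.cgroup.dir.monitor.pivot = lxc.payload/web1/pivot
lxc.time.offset.boot = tomorrow
"""
print(lint(BAD))
```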
In addition to the changes described above, there are also changes relevant to VLAN support on veth devices, again in the form of new configuration options.
You can refer to the official announcement for detailed information about all changes.