A Brief Introduction to LinuxKit

简介: The LinuxKit makes it possible for users to utilize the container platform with secure, lean, and portable Linux subsystems.

What is LinuxKit?

LinuxKit includes tools that allow users to build custom Linux subsystems. All system services are replaceable containers, allowing users to remove anything they don’t need. This tool perfectly fits the Docker design philosophy, allowing users to replace any of the default components with other components that match user’s needs.

Security is Docker's Most Important Goal

11

LinuxKit is an open source project, and Docker says that its inclusion in containers will help in building a secure, streamlined, and portable operating system.

Docker considers security to be a significant goal. It is consistent with NIST (America’s National Institute of Standards and Technology). A statement in its Application Container Security Guide advises developer community to “Use container-specific host OSs instead of general-purpose ones to reduce attack surfaces.”

When using a specific container operating system, the number of attack surfaces is usually much smaller than a generic operating system, so fewer opportunities exist to attack and compromise a particular container's operating system.

Technical Details of LinuxKit

Small Memory Consumption and Short Startup Time

If we design an operating system around a single use case that runs a container, this reduction can directly contribute to the security of the system. Because LinuxKit is a native container, its size is very small (just 35MB!), so users can start it up in a very short amount of time. All system services are containers, which means that users can delete or replace anything.

System services in the container are sandboxed (they only have the privileges they need). This configuration design supports container use cases. LinuxKit fits inside a flexible infrastructure so that users can build, test, and deploy it in the CI pipeline and redeploy the new version when it needs an update.

Kernel Comes From Industry Cooperation

The kernel comes from Docker's collaboration with the Linux Kernel community and organizations such as the KSPP. With LinuxKit support, just a single small patch can often solve multiple problems. The process of developing Kernel security is well beyond the capabilities of any one company. It requires cooperation across the entire industry.

Besides, LinuxKit also provides room to incubate security projects that demonstrate the promise of improving Linux security. Docker has said it is actively working with external open-source projects like Wireguard, Landlock, Mirage, oKernel, and Clear Containers, and has provided a test platform for them. The next focus will be on container space innovation and production environments.

LinuxKit is Portable

LinuxKit is portable as it supports the multi-platform Docker (it is currently running on), and it will also support more platforms in the future. As a container, it can run anywhere, whether on large or small machines, physical or virtual machines, mainframes, or other devices that use the Internet of Things (IoT) scenario.

Conclusion

LinuxKit is open to developers, partners, and open source enthusiasts, who can collaborate and create new things leveraging the container platform. Developers should look forward to making the most of this secure platform, and contribute back to the community.

To learn more about Docker and containers, check out the Alibaba Cloud Container Service.

目录
相关文章
|
安全 内存技术
读书笔记系列 - Operating Systems: Three Easy Pieces - Intro
读书笔记系列 - Operating Systems: Three Easy Pieces - Intro
125 0
|
存储 机器学习/深度学习 PyTorch
PyG学习笔记1-INTRODUCTION BY EXAMPLE(一)
PyG学习笔记1-INTRODUCTION BY EXAMPLE(一)
315 0
PyG学习笔记1-INTRODUCTION BY EXAMPLE(一)
|
计算机视觉
PyG学习笔记1-INTRODUCTION BY EXAMPLE(二)
PyG学习笔记1-INTRODUCTION BY EXAMPLE(二)
159 0
|
机器学习/深度学习 运维 算法
an introduction|学习笔记
快速学习 an introduction
an introduction|学习笔记
|
Shell PHP 开发工具
|
Shell PHP 开发工具
|
Ubuntu Linux Unix
|
人工智能 自然语言处理 搜索推荐