There are several container or containerization systems for Linux; let's discuss the differences, pros and cons for comparison.
I am no expert, but this is my current state of knowledge (without having used any of those containers at all).
List of known containers:

- Docker
  Future seems questionable.
- Flatpak
  There are critics, like https://flatkill.org. AFAIK it's limited to desktop apps. Could find confirmation quickly.
- Podman
  Doesn't need a daemon.
- AppImage
  Does not offer any form of self-check with package authenticity verification or runtime confinement by sandboxing.
- LXC
  Starting with the LXC 1.0 release, it is possible to run containers as regular users on the host using "unprivileged containers".[7] Unprivileged containers are more limited in that they cannot access hardware directly. However, even privileged containers should provide adequate isolation in the LXC 1.0 security model, if properly configured. In contrast to OpenVZ, LXC works in the vanilla Linux kernel.
- LXD
  Alternative wrapper around LXC developed by Canonical. LXD is a system container manager, basically an alternative to LXC's tools, not a "rewrite of LXC". In fact it is building on top of LXC to provide a new, better user experience.
- Snap
  Snap is a software packaging and deployment system developed by Canonical for the operating systems that use the Linux kernel. The packages, called snaps, and the tool for using them, snapd, work across a range of Linux distributions and allow upstream software developers to distribute their applications directly to users. Snaps are self-contained applications running in a sandbox with mediated access to the host system. Snaps are self-contained packages that work across a range of Linux distributions.
  Supports any class of Linux application, such as desktop applications, server tools, IoT apps and even system services, in contrast to Flatpak.
  Depends on systemd and AppArmor.
  More on sandboxing, resource management and security.
  There is a Snap Store, but Snap itself can be used without a store. Snap packages can be obtained from any source, including the website of a developer.
- OpenVZ
  Memory allocation with OpenVZ is soft in that memory not used in one virtual environment can be used by others or for disk caching. Allows each container to have its own file system.[2]
  The OpenVZ kernel is a Linux kernel, modified to add support for OpenVZ containers. The modified kernel provides virtualization, isolation, resource management, and checkpointing. As of vzctl 4.0, OpenVZ can work with unpatched Linux 3.x kernels, with a reduced feature set.
  Each container is a separate entity, and behaves largely as a physical server would. Each has its own files, system libraries, applications, virtualized /proc and /sys, virtualized locks, users and groups (including root), virtual process tree including init, virtual network, devices and IPC objects.
  A live migration and checkpointing feature was released for OpenVZ in the middle of April 2006. This makes it possible to move a container from one physical server to another without shutting down the container. The process is known as checkpointing: a container is frozen and its whole state is saved to a file on disk. This file can then be transferred to another machine and the container can be unfrozen (restored) there; the delay is roughly a few seconds.
- rkt
- systemd-nspawn
- Charliecloud
  A set of container tools used on HPC systems.
- Kata Containers
- Bottlerocket
  Linux-based open-source operating system that is purpose-built by Amazon Web Services for running containers on virtual machines or bare-metal hosts.
- lmctfy
  Not actively developed since 2015.
- Manual chroots, namespaces and cgroups