Chapter 9. Secure Linux Containers

Linux Containers (LXC) is a low-level virtualization feature that allows you to run multiple copies of the same service at the same time on a system. Compared to full virtualization, containers do not require an entire new system to boot, can use less memory, and can use the base operating system in a read-only manner. For example, LXC allow you to run multiple web servers simultaneously, each with their own data while sharing the system data, and even running as the root user. However, running a privileged process within a container could affect other processes running outside of the container or processes running in other containers. Secure Linux containers use the SELinux context, therefore preventing the processes running within them from interacting with each other or with the host.
The Docker application is the main utility for managing Linux Containers in Red Hat Enterprise Linux. As an alternative, you can also use the virsh command-line utility provided by the libvirt package.
For further details about Linux Containers, see Getting Started with Containers.