Warning: Some posts on this platform may contain adult material intended for mature audiences only. Viewer discretion is advised. By clicking ‘Continue’, you confirm that you are 18 years or older and consent to viewing explicit content.
There are a few differences because lxc runs along side the reast of host system rather than the daemonized container service that Docker does.
From the host you can access kernel related controls within the target system. You can see the processes running, perform tuning on them, etc while also having the same kernel level control inside the target. This also means you can have better control over security bu setting group policies, apparmor profiles and system aware firewall rules because you aren’t running your target in a black box.
Their purposes are very different. If you are running a single process for a single purpose you use Docker. When you want yo run a system for a specific service you run lxc. Can you do the opposite within each type? Yep. But that’s not what they are designed for. Can you run a full blown email service with imap and pop, a web server for a webmail client and antivirus services inside a docker container…of course. But all the tuning and configuration is done at the container level which means that we assume all installs and replication must be the same. In lxc i can install the same system but if we want to tweak max memory usage or niceness of a given service you can do that globally or target a specific container while on docker youd have to go to each container to do that work.
But you can do all that in docker? Heck I have full GNOME installs with novnc in docker.
There are a few differences because lxc runs along side the reast of host system rather than the daemonized container service that Docker does.
From the host you can access kernel related controls within the target system. You can see the processes running, perform tuning on them, etc while also having the same kernel level control inside the target. This also means you can have better control over security bu setting group policies, apparmor profiles and system aware firewall rules because you aren’t running your target in a black box.
Their purposes are very different. If you are running a single process for a single purpose you use Docker. When you want yo run a system for a specific service you run lxc. Can you do the opposite within each type? Yep. But that’s not what they are designed for. Can you run a full blown email service with imap and pop, a web server for a webmail client and antivirus services inside a docker container…of course. But all the tuning and configuration is done at the container level which means that we assume all installs and replication must be the same. In lxc i can install the same system but if we want to tweak max memory usage or niceness of a given service you can do that globally or target a specific container while on docker youd have to go to each container to do that work.