Numerous solutions exist for infrastructure virtualization. Virtualization is not only helpful for deploying systems, but also for integration testing, building distributable packages and software development.

Virtualization that uses a hypervisor (e.g. VirtualBox, kvm-qemu) is commonly in use today. Vagrant, a great development tool, provides a simple interface on top of the virtual machines. Newer solutions, including LXC, Docker and rkt, are based on Linux containerization. Linux containers are built on Linux features like namespaces, cgroups and SELinux.

Linux containers

Linux containers provide a significant performance improvement by using the same kernel as the host instead of a hypervisor. However, that may limit what software can be run in the container if it depends on a particular kernel version. This is a much more significant problem for system containers.

System containers contain an entire init system and therefore somewhat mimic a full system. For example, this allows you to define network configuration within the container. System containers are especially useful for legacy systems. However, they are also limited by the dependency on a shared kernel. For example, CentOS 6 and 7 cannot run on the same base system, because the current revision of CentOS 6 uses a 2.6 kernel, while 7 uses 3.1.


The CTO of Docker did an interview on FLOSS Weekly. He stressed the importance of Docker as a distribution medium and its ability to isolate dependencies. These two qualities appear to be what is driving Docker’s success. Package managers like yum and apt have provided solutions to this problem for years.

The performance gains from using a shared kernel are significant, but the real benefit, as with Vagrant, is the perceived simplification of bootstrapping a system.

There are countless other qualities of Docker beyond distribution and dependency isolation. They tend to add a great deal of complexity with little benefit to a broad audience.

Although mentioned only briefly during the interview, a large part of that distribution mechanism is the Git-style revision control.

The distinction between a container and an image can be confusing and tedious in practice. To modify an image, it is easier to write a Dockerfile. The build iterates through every line, runs the command on that line in a container based on the original image, stores the state of the container in a new image, and then gives the new image the original image’s name. Containers only run as long as the process inside them is running.
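The build loop and the Git-style revision chain described above, modelled in Python as an added example (this is not Docker's code). The Store class, the write/rm mini-commands and all sample values are constructed for illustration; each line runs in a container based on the image produced so far. It goes one step further than the text by walking the parent chain to show that a file removed by a later line is still present in earlier images.

```python
import hashlib
import json

class Store:
    """Constructed model: immutable images linked by parent id, plus movable names."""
    def __init__(self):
        self.images = {}  # image id -> {"parent": id or None, "cmd": str, "fs": dict}
        self.tags = {}    # image name -> image id

    def commit(self, parent, cmd, fs):
        # Store a container's filesystem state as a new image on top of its parent.
        body = json.dumps([parent, cmd, fs], sort_keys=True).encode()
        image_id = hashlib.sha256(body).hexdigest()[:12]
        self.images[image_id] = {"parent": parent, "cmd": cmd, "fs": dict(fs)}
        return image_id

    def history(self, image_id):
        # Follow parent pointers back to the base image, newest first.
        chain = []
        while image_id is not None:
            chain.append(image_id)
            image_id = self.images[image_id]["parent"]
        return chain

def run(fs, cmd):
    # Hypothetical mini-commands standing in for the process a container runs.
    op, path, *content = cmd.split(" ", 2)
    if op == "write":
        fs[path] = content[0] if content else ""
    elif op == "rm":
        fs.pop(path, None)
    else:
        raise ValueError(f"unknown command: {cmd}")

def build(store, name, lines):
    current = store.tags[name]
    for cmd in lines:
        fs = dict(store.images[current]["fs"])  # container based on the latest image
        run(fs, cmd)                            # it lives only while the command runs
        current = store.commit(current, cmd, fs)
    store.tags[name] = current                  # point the name at the new image
    return current

def images_containing(store, image_id, path):
    # Every image in the history whose snapshot still holds the given path.
    return [i for i in store.history(image_id) if path in store.images[i]["fs"]]

def demo():
    store = Store()
    base = store.commit(None, "base", {"/etc/hostname": "constructed"})
    store.tags["app"] = base
    steps = ["write /tmp/token s3cret", "write /app/run.sh echo hi", "rm /tmp/token"]
    return store, base, build(store, "app", steps)
```

After `demo()`, the name `app` points at the final image, which no longer holds `/tmp/token`, while `images_containing` still finds it in two intermediate images.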

Because Docker is a type of application container, it needs to provide a lot of the services a full Linux distribution would, while running inside a host distribution. The most important functionality is providing networking. Release 1.6 of Docker provided the first logging drivers.