About containers and VMs
Incus provides support for two different types of instances: system containers and virtual machines.
Incus uses features of the Linux kernel (such as namespaces and cgroups) in the implementation of system containers. These features provide a software-only way to isolate and restrict a running system container. A system container can only be based on the Linux kernel.
When running a virtual machine, Incus uses hardware features of the host system as a way to isolate and restrict a running virtual machine. Therefore, virtual machines can be used to run, for example, different operating systems than the host system.
| Virtual Machines | Application Containers | System Containers |
|---|---|---|
| Uses a dedicated kernel | Uses the kernel of the host | Uses the kernel of the host |
| Can host different types of OS | Can only host Linux | Can only host Linux |
| Uses more resources | Uses less resources | Uses less resources |
| Requires hardware virtualization | Software-only | Software-only |
| Can host multiple applications | Can host a single app | Can host multiple applications |
| Supported by Incus | Supported by Docker | Supported by Incus |
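An added example (not from the Incus documentation or code base): because a system container shares the host kernel, its isolation can be checked from the host by comparing a container process's `/proc/<pid>/ns` links with the host's and reading its cgroup v2 path. The sample inode numbers and cgroup path are constructed; `read_namespaces` assumes a Linux host with access to `/proc/<pid>/ns`.

```python
import os

# Namespace types checked here, as named under /proc/<pid>/ns on Linux.
NS_TYPES = ("cgroup", "ipc", "mnt", "net", "pid", "user", "uts")

def read_namespaces(pid):
    """Read a live process's namespace links (needs access to /proc/<pid>/ns)."""
    return {ns: os.readlink(f"/proc/{pid}/ns/{ns}") for ns in NS_TYPES}

def isolation_report(host_ns, inst_ns):
    """Sort namespace types into those private to the instance and those shared with the host."""
    report = {"isolated": [], "shared": []}
    for ns in sorted(host_ns):
        key = "shared" if inst_ns.get(ns) == host_ns[ns] else "isolated"
        report[key].append(ns)
    return report

def cgroup_v2_path(cgroup_text):
    """Return the unified (cgroup v2) path from /proc/<pid>/cgroup content, or None."""
    for line in cgroup_text.splitlines():
        parts = line.split(":", 2)
        if len(parts) == 3 and parts[0] == "0" and parts[1] == "":
            return parts[2]
    return None

# Constructed sample data (not captured from a real host). The inode numbers and
# the cgroup path are made up; only their equality or difference matters.
HOST_NS = {ns: f"{ns}:[{4026531000 + i}]" for i, ns in enumerate(NS_TYPES)}
INSTANCE_NS = {ns: f"{ns}:[{4026532000 + i}]" for i, ns in enumerate(NS_TYPES)}
INSTANCE_NS["user"] = HOST_NS["user"]  # constructed case: user namespace shared with host
INSTANCE_CGROUP = "0::/constructed-instance-c1\n"

if __name__ == "__main__":
    print(isolation_report(HOST_NS, INSTANCE_NS))
    print(cgroup_v2_path(INSTANCE_CGROUP))
    # On a real Linux host, compare PID 1 with a process running inside the container:
    # isolation_report(read_namespaces(1), read_namespaces(<pid of container process>))
```

Any namespace type reported as shared is one where the kernel places no boundary between that process and the host.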
Application containers vs. system containers
Application containers (as provided by, for example, Docker) package a single process or application. System containers, on the other hand, simulate a full operating system similar to what you would be running on a host or in a virtual machine. You can run Docker in an Incus system container, but you would not run Incus in a Docker application container.
Therefore, application containers are suitable to provide separate components, while system containers provide a full solution of libraries, applications, databases and so on. In addition, you can use system containers to create different user spaces and isolate all processes belonging to each user space, which is not what application containers are intended for.