| You're missing the point -- It's not unreasonable to compare the functionality of zones in 2014 with the functionality of vserver in 2014. But you compared the functionality of zones in 2014 with the functionality of vserver in 2005 (which hasn't changed much). LXC is the preferred container solution and has been for years. I only referenced vserver because of your "Linux finally catching up to zones" comment, when Linux has been doing containerization as long as Solaris. I'm also not going to "provide any data" about vserver. You can look at the release dates for vserver, openvz, and lxc yourself, as well as when lxc made mainline and how many VPS providers use openvz, versus how many distros even package vserver in 2014. LXC made mainline for a reason. OpenVZ is pretty comparable in features. You're making a sideways argument now based on Linux not having ZFS, but that isn't the discussion. It's also true that Linux doesn't have Crossbow. It's not true that LXC and OpenVZ can't take advantage of openvswitch, which is pretty comparable. But none of that has anything to do with Docker. This is not "LXC vs Zones vs Jails". Containers can also be backed by btrfs or lvm snapshots, which aren't as feature-filled as ZFS, but you're reaching. Similarly, zones aren't as featureful as full-fledged VMs. But that's also not what we're talking about. You're repeatedly missing what Docker actually does. Ok? Zones -> LXC. LXC also has "weight" in that it starts init and basic services, and has to be managed. Docker -> containerized chroot. Docker is not an analogue or competitor to zones. However, Docker (through libcontainer) is already built on top of cgroups and can be managed through selinux. Security is not a valid complaint. |
Again, I'm sure Docker is appropriate for some specific situations, but it is not currently an appropriate general container solution if you care about security.