by binarycrusader 4084 days ago
Yes, everyone refers to jails, but I think most people would agree that jails weren't really containers. They didn't provide true isolation for a set of applications. I guess you could argue they were the original prototype for them though.

Solaris containers are the first "lightweight virtualization" technology that I'm personally aware of that provided true isolation of one or more processes from the host operating system and host processes.

2 comments

Not sure if "lightweight" counts when talking about a mainframe, but when first encountering Solaris zones they seemed equivalent to LPARs in the mainframe world.

http://en.wikipedia.org/wiki/VM_%28operating_system%29

There are a lot of things from the mainframe world that are being newly "discovered" that seem quite mundane to the greybeards...

http://en.wikipedia.org/wiki/IBM_System_z#Comparison_to_othe...

Yes, there are LPARs, but we were discussing software-based virtualisation. LPARs are more partitioning than virtualization, which is very different from a multi-tenancy perspective.

The equivalent to LPARs in the Solaris world would be LDOMs on SPARC.

"Yes, everyone refers to jails, but I think most people would agree that jails weren't really containers. They didn't provide true isolation for a set of applications. I guess you could argue they were the original prototype for them though."

The first VPS provider (JohnCompanies, 2001) was based entirely on jail and it absolutely provided (even then) true isolation for a set of applications.

Every customer had their own unix root and their own rc.conf, configured their own system, and everyone ran their own sendmail/named/httpd/etc.

It is absolutely correct to refer to jails in this way, and that is why you see everyone doing it.

If you're talking about chroot jails, no, it was possible to "escape" jails; they did not provide true isolation.

If you're talking about some other jail, possibly, but my understanding is they didn't actually provide true isolation. Certainly not a kernel level of abstraction.