Ubuntu is working on a new secure container hypervisor: LXD

Security is a big concern for users of container technologies, but Ubuntu, with Docker and LXC, thinks it has a solution.
Written by Steven Vaughan-Nichols, Senior Contributing Editor

PARIS — At the OpenStack Summit, Mark Shuttleworth, founder of Canonical and Ubuntu Linux, announced that Canonical and Docker have started working on a new secure hypervisor, LXD — pronounced lex-d — for containers.

Containers are more efficient than virtual machines but are potentially less secure.

Docker, which is based on LXC container technology, has exploded in popularity. While far from the first technology to place applications within smaller, lighter-weight "containers" instead of hypervisor-driven virtual machines, Docker has taken containers and made them mainstream.

But even as Docker technology starts rolling into production, concerns remain about its security. Although Microsoft has also brought in Docker technology, Microsoft's Azure CTO Mark Russinovich spoke for many when he recently said, "[Docker] containers aren't secure. … They're sharing so much of their underlying operating system that they can't be effectively secured, at least not to the kind of level of risk that we'd be comfortable running two different customers in containers side by side."

Ubuntu, along with Docker and the LXC community, is now working on addressing those concerns with LXD. Shuttleworth described LXD as "a new hypervisor focused purely on containers." LXD will provide user name, application, and machine security.

This won't be just a software security approach. Shuttleworth said the parties were working with silicon vendors to provide hardware that "guaranteed isolation of containers" on the chip level. LXD will work as a small operating system daemon and provide the same kind of security you now get from a traditional hypervisor like KVM.

LXD will be an open source program. Shuttleworth said that the program will be ready for production use within six months.

At this time, there are no further details available. As the project advances, you can find further information about it on the Ubuntu, Docker and LXC sites.
