PARIS — At the OpenStack Summit, Mark Shuttleworth, founder of Canonical and Ubuntu Linux, announced that Canonical and Docker have started working on a new secure hypervisor, LXD — pronounced lex-d — for containers.
But even as Docker technology starts rolling into production, concerns remain about its security. Although Microsoft has also brought in Docker technology, Microsoft's Azure CTO Mark Russinovich spoke for many when he recently said, "[Docker] containers aren't secure. … They're sharing so much of their underlying operating system that they can't be effectively secured, at least not to the kind of level of risk that we'd be comfortable running two different customers in containers side by side."
Ubuntu, along with Docker and the LXC community, is now working to address those concerns with LXD. Shuttleworth described LXD as "a new hypervisor focused purely on containers." This will provide user name, application, and machine security.
This won't be just a software security approach. Shuttleworth said the parties were working with silicon vendors to provide hardware that "guaranteed isolation of containers" at the chip level. LXD will work as a small operating system daemon and provide the same kind of security you now get from a traditional hypervisor like KVM.
LXD will be an open source program. Shuttleworth said that the program will be ready for production use within six months.
At this time, there are no further details available. As the project advances, you can find further information about it on the Ubuntu, Docker and LXC sites.