Containerization-Models

To make the container models and their variations easier to understand, we have grouped them in this wiki.

Application Containers

Application containers package an application with all of its dependencies, including executables and libraries, so that the application runs independently of the execution environment. The following table lists examples of application containers. Some application containers come with a sandbox feature. Running an application container in a sandbox limits its access to the host operating system to minimize security risks.

| Name | Supported Operating Systems | Sandbox | Root Access | Hydra Release |
|---|---|---|---|---|
| Ubuntu Snappy (snap) | GNU/Linux | For strict confinement | Installation | Amber Stable |
| XDG Flatpak (xdg-app) | Linux | Yes by default | Rootless | Not planned |
| AppImage | Linux | Optional (firejail) | Rootless | Not planned |
| Zero Install | Linux, Unix, macOS, Windows | Optional (EBox) | Rootless | Not planned |

Process Containers

A Process Container deals with processes rather than applications and virtualizes them using Linux namespaces and control groups. This virtualization alters the process's view of the host operating system in terms of accessible resources. Sandboxing is also a common practice for process containers. Process containers load a full high-level operating system on top of the low-level operating system, which includes the kernel and a minimal stack of tools and libraries.

A Container Engine is a stack of software capable of building, publishing, extracting, running, and controlling process containers. Process containers are run by a Container Runtime, which has two parts. The high-level part is responsible for extracting the Container Image to an Executable Bundle and setting up the environment, including networking and storage. The low-level part is responsible for executing the bundle and applying those configurations. The following software solutions are offered as container engines, listed with their default software stacks. Both designs are pluggable, so tools other than the defaults can be used.

| Name | Supported Standards | Default Runtimes | Image Builder | Image Manager | Modes | Hydra Release |
|---|---|---|---|---|---|---|
| Docker Engine | Docker Schema + OCI | containerd over runc | BuildKit | Distribution | dockerd, Compose, Swarm, K8s | Amber Stable |
| Podman | OCI | cri-o over crun | Buildah | Skopeo | Compose, Kube Play, K8s | Amber Edge |
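
The Executable Bundle that the high-level runtime hands to the low-level runtime carries the namespace, control group and sandbox settings described above in its `config.json`. The following added example (not code from this wiki or from any of the listed projects) audits that file for weak isolation; the function name `audit_bundle_config` and the sample config are constructed for illustration, and the field names are assumed to follow the OCI runtime specification.

```python
# Namespace types from the OCI runtime spec that change what the process can see.
ISOLATING_NAMESPACES = ("pid", "mount", "network", "ipc", "uts")

def audit_bundle_config(config):
    """Return isolation findings for a parsed OCI bundle config.json (a dict)."""
    findings = []
    linux = config.get("linux", {})
    process = config.get("process", {})
    namespaces = {ns["type"]: ns for ns in linux.get("namespaces", [])}

    for ns_type in ISOLATING_NAMESPACES:
        if ns_type not in namespaces:
            # No entry: the container stays in the namespace of the runtime's caller.
            findings.append(f"{ns_type}: namespace not unshared")
        elif "path" in namespaces[ns_type]:
            # A path means "join this existing namespace" instead of creating one.
            findings.append(f"{ns_type}: joins {namespaces[ns_type]['path']}")

    # UID 0 without a user namespace is also UID 0 on the host.
    if process.get("user", {}).get("uid", 0) == 0 and "user" not in namespaces:
        findings.append("user: uid 0 without a user namespace")

    # Control groups: a missing limit leaves that resource unbounded.
    resources = linux.get("resources", {})
    for controller in ("memory", "pids"):
        if resources.get(controller, {}).get("limit") is None:
            findings.append(f"cgroup: no {controller} limit")

    # Sandbox settings the low-level runtime applies before exec.
    if "seccomp" not in linux:
        findings.append("sandbox: no seccomp profile")
    if not process.get("noNewPrivileges", False):
        findings.append("sandbox: noNewPrivileges is off")
    return findings

# Constructed sample (trimmed), in the shape json.load() gives for config.json.
SAMPLE_CONFIG = {
    "process": {"user": {"uid": 0, "gid": 0}, "args": ["sh"], "noNewPrivileges": True},
    "linux": {
        "namespaces": [{"type": "pid"}, {"type": "mount"}, {"type": "ipc"},
                       {"type": "uts"}, {"type": "network", "path": "/proc/1/ns/net"}],
        "resources": {"memory": {"limit": 268435456}},
    },
}

if __name__ == "__main__":
    print("\n".join(audit_bundle_config(SAMPLE_CONFIG)))
```

To check a real bundle, load its `config.json` with `json.load()` and pass the resulting dict to the function.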