Talk:OS-level virtualization

Add information about Kata Containers

Kata Containers has just released version 1.0. The technology is basically qemu but with all hardware virtualization removed. Intel has been working on it for a couple of years and it was highly talked about at the big OpenStack meetup in Canada in May 2018. https://katacontainers.io/ --Svintoo 2018-05-29 09:14 (UTC)

Definition of container

While researching for this article, I've noticed different definitions of container depending on what aspects of the technology the authors want to stress. For example, Docker defines a container as "a standard unit of software that packages up code and all its dependencies so the application runs quickly and reliably from one computing environment to another" [1], while this article (before I rewrote the lead) defined a container as an instance of a virtual userspace created thru OS-level virtualization [2]. Since Docker is the most widespread container framework, the lead should give due weight to their definition (which stresses portability). Qzekrom 💬 theythem 18:24, 3 March 2019 (UTC)

Renaming back to “OS-level virtualisation”

I've renamed this back to OS-level virtualisation (shortening "Operating-system-level" to "OS-level" for a shorter title). Container is very Linux-specific terminology (possibly borrowing on the branding of an implementation in Solaris); I've never heard of anyone referring to FreeBSD jail or DragonFly BSD's vkernel as a container; undo an ill-discussed and Linux-specific move of something that's a very well-known operating system paradigm as-is; "container" is probably also a slang, and doesn't describe all levels of "OS-level virtualisation", either; in fact, in the prior discussion itself one of the suggestions was to rename the page either to "containers" or to "jails", which shows a very clear lack of consensus of how this should be called if a rename is to be performed, and confirms that the prior name of "OS-level virtualisation" might as well be more neutral and encyclopaedic. Do not move again unless a clear and sourced consensus is apparent. There needs to be an article about "OS-level virtualisation" for other technologies to reference, which don't use "container" terminology and aren't known as "containers", and where people would be confused by the mentions of "containers". If you think a separate article about containers is warranted, feel free to create such article, but I fail to see clear evidence supporting a rename. MureninC (talk) 02:32, 9 April 2019 (UTC)

@MureninC: I think there was a clear consensus to move to "Container (virtualization)"; while one user did suggest "jail" as an alternative target, I did implicitly address that by saying that "container" seems to be the most popular name... by far. If you disagree with the move decision, please use Wikipedia:Move review to contest it instead of reverting unilaterally. Qzekrom 💬 theythem 05:47, 9 April 2019 (UTC)
Dekimasu closed the move, so talk to him before starting a formal move review per the directions at WP:MR. Qzekrom 💬 theythem 05:50, 9 April 2019 (UTC)

Disputed

@MureninC: This name directly conflicts with the definition of virtualization and creates a dangerous misconception about what is being talked about. Virtualization implies that there's a resource that is being virtualized. In case of containerization - there isn't one. There is no virtual machine, no hypervisor, no virtual resource. It's just OS separating processes on a level of particular system APIs, such that each containerized process group gets its own data from these APIs, with no mix. Historically different techniques were used to achieve this (jails), but the containerization is the current state of the art, and as such it is the accepted nomenclature. Where it's been implemented first and whether people confuse the concept with older techniques should have no bearing on that nomenclature. Judging by the previous comments, this rename was unilateral, and counter to the policy at Wikipedia:Article titles, which states: "Generally, article titles are based on what the subject is called in reliable sources.". Almost all of the cited sources refer to this technique as "software containers", whereas "OS-level virtualization" is only used in two of them. MrMizo (talk) 18:12, 24 October 2021 (UTC)
To better illustrate the reasons behind my objection: what is being virtualized here? MrMizo (talk) 18:24, 24 October 2021 (UTC)

@MrMizo process name space, disk, network, etc. Any time you slice up a host system into separate resources, from the process point of view, you are doing virtualization. You don't have to explicitly define abstract hardware; virtualization is a general computing concept. For instance all of the following can be considered virtual machines:
- some programming language interpreters
- a machine defined in an FPGA
- common programs
This is also why processes are addressed Virtual Memory, which is memory multiplexing on a finite resource to give the process the view that it can utilize all of that resource (e.g. you have 16GB of RAM. The process perspective is that it has the full 16GB RAM to utilize. Actually excess is written out as a page file, swap, or compressed memory) 96.245.205.88 (talk) 15:05, 4 June 2022 (UTC)
@talk:96.245.205.88 By that definition, introducing any boundary between system level APIs can be called virtualization. This dilutes the concept of virtualization down to the point of it being completely useless.
For example, by this logic, introducing any privilege boundaries between different processes on a system API level becomes virtualization. Since when privilege separation ⊂ virtualization? It's grotesque. People already started calling cgroups a "lightweight virtualization method". So... now resource limiting is virtualization too. Fantastic.
Your examples also aren't correct nor applicable here:
- Virtual memory virtualizes a resource called "address space". Paging is a separate technique which that virtualization makes easier; it has nothing to do with virtualization itself, you can page real memory address spaces too.
- Programming language interpreters often utilize a virtual machine that operates on virtual compute, with virtual bytecode (JVM / Python VM / etc.). The compute is what is virtualized via virtual processing, with its own ISA that uses its own bytecode.
- FPGA is a class of a hardware component. It doesn't virtualize anything. They do real things using real hardware, it's just that the hardware is flexible enough to accommodate a vast domain of designs.
- Common programs - exactly how? Are you going to include "Hello World" under the virtualization umbrella at some point?
Virtual memory and "Bytecode" VMs create a virtual resource. Limiting / slicing APIs or resources, by itself, does not.
All of this still ignores the fact that the rename in question was done unilaterally.
--MrMizo (talk) 10:37, 13 June 2022 (UTC)
I stumbled into this page, and as an industry veteran of multiple decades, I very much agree with the "dangerous misconception" statement above. OS containers are about *isolation* not *virtualization*. These are distinct concepts in the tech world, and this page/article is incorrectly conflating them in a way that will hurt industry discourse and general understanding for its readers. Container isolation can only be considered "virtualization" in the weakest sense of the word virtualization, which is a sense that is not typically used in the industry because it then becomes a useless word. To give an analogy, process isolation is about permission: within an isolated process namespace, processes do not have permission to see processes from outside of that namespace. By analogy, on a typical filesystem, the permissions of the filesystem are unlikely to allow user A to deeply traverse into user B's personal home area. Would one then say that "the filesystem permissions are an OS-level virtualization because from a user A process's perspective it cannot access user B's storage resources and thus is seeing a 'virtualized disk that doesn't contain user B's resources'"? Of course not. Perhaps we could benefit from a clarification section _somewhere_ about the difference between "the literal English word's meaning" and "the common meaning in industry in the context in which this article lives", where one of those includes things like "containers" and the other doesn't.
As I'm not typically a Wikipedia editor, how do disputes about fundamental definitions or "terms of art" get resolved? Do I just add a "This classification or definition is disputed" text or label to the page? VDave420 (talk) 23:57, 10 March 2023 (UTC)