For my memory comparison of light Linux desktops I needed a tool that would let me install about 20 window managers/desktop environments on my computer. After looking at several common virtualization packages, I ended up using Linux containers and virtenv for the job.
LXC and virtenv
Probably the best way to describe virtenv is as a graphical interface to the Linux containers utilities developed and distributed by the LXC project. Linux containers is the virtualization technology built into the Linux kernel, available in any kernel after 2.6.32.
The virtual machines (VMs) are driven, without any overhead, by the kernel already running on the computer. You don't need to run a different kernel in the virtual machine; you run only the processes you need, without even going through the regular SysV or Linux init. All this means that memory is used very conservatively. For example, on a 1GB RAM computer you can easily run 10 SSH/DHCP servers, or 10 different xorg/X11 servers with LXDE window managers on top.
$ sudo apt-get install xserver-xephyr bridge-utils lxc jwm
$ sudo dpkg -i virtenv_0.8_1.deb
Once installed, you start it from the command line as virtenv, or from the System Tools menu.
virtenv mounts the filesystem installed on the host computer copy-on-write. By default the /home directory is not imported into the container. Any modification to the filesystem in the container stays in the container; the host filesystem remains untouched.
This feature is useful for isolating potentially malicious processes from the host system, installing (apt-get) and trying out new software packages, chrooting a system for running servers, etc.
In my memory comparison exercise, virtenv provided me with filesystem and xorg/X11 server isolation, all of it based on LXC facilities in the existing Linux kernel. LXC also supports networking stack isolation. In the rest of the article I will describe a setup with one virtual machine connected by an isolated network (br0) to the host computer.
First things first, we need to create and configure the br0 bridge device:
$ sudo brctl addbr br0
$ sudo ifconfig br0 10.0.0.1/24
$ ifconfig br0
br0       Link encap:Ethernet  HWaddr fa:cc:c0:01:44:a2
          inet addr:10.0.0.1  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: fe80::f8cc:c0ff:fe01:44a2/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:238 (238.0 B)
Then, I start virtenv and create a new virtual machine vm1.
I configure it with no graphical X server support, bridged networking, and an IP address of 10.0.0.10/24.
Once configured, the virtual machine is started automatically by virtenv. The VM has its own xterm acting as a console. From this virtual machine I can now ping the host interface at 10.0.0.1.
This is all there is to it, nothing more! This kind of network isolation is very useful for software development, testing, trying out new software, etc. You can even stream YouTube videos in such a virtual machine with X server support enabled.
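The bridge-plus-container setup described above, as an added example that is not virtenv's own code: a POSIX shell script that creates br0 on the host, prints the LXC network config a container such as vm1 needs to sit on it with 10.0.0.10/24, and checks from the host that br0 carries only veth ports, so the guest network really stays isolated from the physical NIC. It assumes the legacy lxc.network.* config keys and the brctl/ifconfig tools installed above; the setup/config/check subcommand names are my own.

```shell
#!/bin/sh
# Added example, not virtenv's own code. Reproduces the page's setup in plain
# LXC terms: an isolated bridge br0 owned by the host, a container config that
# attaches a veth to it with a static address, and a check that the bridge is
# really isolated (only veth ports, no physical NIC enslaved to it).
set -eu

BRIDGE=br0
HOST_IP=10.0.0.1/24

# Host side, needs root: create the bridge and give the host an address on it.
# Nothing is routed or NATed out of br0, so guests can reach only 10.0.0.1.
setup_bridge() {
  brctl addbr "$BRIDGE"
  ifconfig "$BRIDGE" "$HOST_IP"
}

# Print the lxc.network.* stanza for a container on br0 with a static address.
# These are the legacy LXC key names (assumed to match the virtenv-era LXC);
# current LXC releases spell them lxc.net.0.*.
lxc_net_config() {
  name=$1; ip=$2
  printf 'lxc.utsname = %s\n' "$name"
  printf 'lxc.network.type = veth\n'
  printf 'lxc.network.flags = up\n'
  printf 'lxc.network.link = %s\n' "$BRIDGE"
  printf 'lxc.network.ipv4 = %s\n' "$ip"
}

# Read `brctl show` output on stdin and return 0 only if every port of
# bridge $1 is a veth device. A port such as eth0 would leak guest traffic
# onto the real network, so that case returns 1.
bridge_is_isolated() {
  awk -v br="$1" '
    NR == 1 { next }                                  # column header
    $1 == br { cur = 1; if (NF >= 4) print $4; next }  # first port, if any
    cur && NF == 1 { print $1; next }                 # extra ports, one per line
    { cur = 0 }                                       # some other bridge
  ' | grep -v '^veth' | grep -q . && return 1
  return 0
}

case "${1:-}" in
  setup)  setup_bridge ;;
  config) lxc_net_config "${2:-vm1}" "${3:-10.0.0.10/24}" ;;
  check)  brctl show | bridge_is_isolated "$BRIDGE" && echo "$BRIDGE is isolated" ;;
esac
```

Run `config vm1 10.0.0.10/24` and append the output to the container's LXC config, then `check` on the host after the container is up; `check` prints nothing when a non-veth port is present.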
I find it funny how cloud providers price virtual machines by VM RAM size. For them, more memory means more money. Such a virtual machine has its own kernel, a full Linux support system (cron, logger, etc.) and all the necessary init routines. 512MB or 1024MB is usual for a VM.
LXC approaches the same problem from a different angle. There is only one kernel, running both the host and the virtual machines. You can build really small virtual machines this way. Some people also call them application containers:
| Virtual machine                            | RAM Memory |
|--------------------------------------------|------------|
| ISC DHCP server, OpenSSH server, rsyslogd  | 20MB       |
| Apache2 server, OpenSSH server, rsyslogd   | 22MB       |
| xserver, LXDE window manager               | 44MB       |
| xserver, KDE Plasma desktop environment    | 209MB      |