LXC provides a userspace interface for Linux kernel containment features. Unlike Docker, which focuses on application packaging, LXC is designed for system containers. These containers act as lightweight virtual machines with their own init system, logging, and network configuration, while sharing the host's kernel for efficiency.
The technology relies on cgroups for resource allocation (limiting CPU and memory) and namespaces for isolating process trees, users, and mounts. Because there is no hypervisor layer, system calls are executed directly by the host kernel, eliminating hardware emulation overhead.
How it works
LXC is primarily used in multi-tenant environments and infrastructure orchestration, such as within Proxmox VE or Canonical's LXD. It is the preferred choice for running full Linux distributions where persistent services like sshd, cron, or syslog are required inside the container.
A key advantage is near-native performance and sub-second startup times. Administrators manage containers using low-level tools like lxc-ls to list instances or lxc-top to monitor resource consumption in real-time.