At DockerCon in Austin, Texas, Docker CEO Solomon Hykes said, Docker “is a bunch of projects not a monolith.” One of the newest of these projects is LinuxKit. This is a toolkit for building secure, portable, and lean operating systems for containers.
Specifically, it’s a toolkit to assemble custom Linux subsystems with the initial intention to create a more native experience for Windows and macOS desktops and cloud platforms. This program was developed with leading companies such as silicon partner ARM, infrastructure providers like HPE, as well as cloud companies including Microsoft and IBM. It is now an open source project that will be managed by The Linux Foundation.
Docker claimed LinuxKit allows users to “create very secure Linux subsystems because it is designed around containers. All of the processes, including system daemons, run in containers, enabling users to assemble a Linux subsystem with only the needed services. As a result, systems created with LinuxKit have a smaller attack surface than general purpose systems.” That’s all true, but it’s true of any containerized operating system.
In a blog post, Justin Cormack, a Docker engineer, added: “LinuxKit includes the tooling to allow building custom Linux subsystems that only include exactly the components the runtime platform requires. All system services are containers that can be replaced, and everything that is not required can be removed. All components can be substituted with ones that match specific needs. It is a kit, very much in the Docker philosophy of batteries included but swappable.”
LinuxKit enables this by bundling Linux into the Docker platform. That way, users who want Linux container support on platforms without native Linux, such as macOS and Windows, can run Linux containers on these operating systems.
The base LinuxKit Linux distribution is tiny. At its smallest, LinuxKit Linux takes up only 35MB with an extremely fast boot time to match. As you’d expect, “All system services are containers, which means that everything can be removed or replaced.” It’s highly portable and can work on desktops, servers, IoT, mainframes, bare metal, and virtualized systems.
If this sounds familiar, well, it should. Alpine is, and will remain, Docker’s native Linux for containers. Alpine has many of the same features. The key difference is that LinuxKit is meant to be even more flexible and easier to customize.
In a tweet, Nathan McCauley, Docker’s security director, made it explicit that “Linuxkit’s roots are in Alpine. A stronger Alpine is a stronger LinuxKit. We’ll continue to invest in Alpine.” McCauley also said LinuxKit is “a Linux subsystem focused on security.”