Ah OK, now I get it. It's what you would want from a VM (isolation & reuse) without all the data duplication of the VM image files, and the memory requirements associated with provisioning and running many VMs.
That's right. It's closer to the software layer than the infrastructure layer, so there's a lot more flexibility. You could essentially run a few machines on bare metal and use Docker as the virtualization layer. Just need an OS that supports LXC and you're good to go.
Does Docker work in the same way as Solaris/Illumos zones, or FreeBSD Jails (or Verio's equivalent [1])? Docker appears to add portability, but no security.
I ask as virtualising this way (thinking about secure shared hosting) is of interest to me, vs multiple VMs, and I'm curious about the advantages and disadvantages of each.
You can run the full-stack inside a container. eg. run Red Hat or CentOS inside Ubuntu. The process inside LXC / Docker is unaware it's inside a container. You can have 100 processes all think they're binding to a given port, which simplifies things within the container. This is why docker images work so well: they can be fired up and use the same configuration no matter how many instances you create. LXC = jail on steroids.
I'm not entirely clear on this yet, but it sounds like it could be very useful for load-testing a particular service I'm working on. Testing the service requires a series of directories to be present for each client. It sounds like this docker+busybox combination could be used for this.
The copy-on-write aspect is very neat.