## Limitations of LXC (Linux‑only note)
Linux Containers (LXC) take advantage of namespaces and cgroups built into the Linux kernel to provide lightweight isolation. Because all containers share the host’s kernel, they **cannot run non‑Linux operating systems**. This is an important distinction from full hypervisor technologies like KVM, which emulate hardware and allow each guest to run its own kernel.
## Why LXC is Linux‑only
### Additional considerations
- **Weaker isolation** – While namespaces and cgroups provide reasonable separation, LXC containers share the same kernel. A kernel exploit could affect all containers and the host. Use unprivileged containers and keep your kernel patched to reduce risk.
- **Limited kernel‑level features** – Some kernel features, such as hardware passthrough (e.g., GPU or USB devices), nested virtualization or custom kernel modules, are not available in LXC. Full hypervisors like KVM support these features.
- **Docker inside LXC** – Running Docker inside an LXC container can be challenging because both use cgroups and namespaces. Many providers discourage nested containerisation within LXC for stability reasons.
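
To act on the unprivileged-container advice in the list above, the following added example (not from the original page) classifies a container by reading the kernel's user-namespace ID map: if container UID 0 maps to host UID 0, the container is privileged. The function names are hypothetical, the two sample maps are constructed, and the 100000/65536 range is an assumed typical subordinate-UID allocation.

```python
"""Audit helper: does a container's user namespace map its root to host root?"""
from pathlib import Path

# Constructed samples in /proc/<pid>/uid_map format: inside-start, host-start, length.
HOST_IDENTITY_MAP = "         0          0 4294967295\n"  # seen by a privileged container
UNPRIV_MAP = "         0     100000      65536\n"         # assumed unprivileged mapping


def parse_id_map(text):
    """Parse uid_map/gid_map content into (inside_start, host_start, length) tuples."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed id map line: {line!r}")
        entries.append(tuple(int(f) for f in fields))
    return entries


def host_id_for(inside_id, entries):
    """Return the host ID that inside_id maps to, or None if it is unmapped."""
    for inside_start, host_start, length in entries:
        if inside_start <= inside_id < inside_start + length:
            return host_start + (inside_id - inside_start)
    return None


def is_privileged(uid_map_text):
    """True when container UID 0 is host UID 0, so a breakout lands as host root."""
    return host_id_for(0, parse_id_map(uid_map_text)) == 0


def audit(pid="self"):
    """Classify a live process by its uid_map (Linux only)."""
    text = Path(f"/proc/{pid}/uid_map").read_text()
    return "privileged" if is_privileged(text) else "unprivileged"


if __name__ == "__main__":
    for label, sample in (("identity map", HOST_IDENTITY_MAP),
                          ("shifted map", UNPRIV_MAP)):
        verdict = "privileged" if is_privileged(sample) else "unprivileged"
        print(f"{label}: {verdict}")
```

Call `audit()` inside the container, or `audit(pid)` from the host with the PID of the container's init process.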
### When to choose something else
Choose a **KVM VPS** instead of LXC if you:
- Need to run Windows, FreeBSD or another non‑Linux OS.
- Require kernel‑level features such as device passthrough, custom kernels or nested virtualization.
- Require strong isolation for multi‑tenant or untrusted workloads.
Choose **LXC** if you only run Linux workloads and value low overhead and fast provisioning. For workloads that need both, providers often offer both LXC and KVM so you can pick the most appropriate environment.