ContainerVisor: Customized Control of Container Resources

Cloud platforms are increasingly using containers for lightweight virtualization. Unlike full system virtual machines (VMs) that each runs its own operating system, containers share a stateful operating system to reduce their memory footprint and execution overheads. However, mainstream operating systems are currently limited in their ability to customize a container's memory management, since they lack the necessary abstractions and mechanisms to accurately track and isolate a container's memory footprint. We propose a new abstraction, called the Container-Level Address Space (CLAS), that provides a unified view of a container's memory across all of its constituent processes. We present the design of ContainerVisor, a per-container resource management system that leverages CLAS to provide customized memory management services. We describe a ContainerVisor prototype on Linux for running unmodified applications and demonstrate three proof-of-concept customized services, namely process-level memory limits and reservations, container-specific page replacement policies, and privacy-aware memory de-allocation. Our evaluations show that ContainerVisor can provide these customized services within reasonable overheads.