Introduction

LinuxKit is one of the tools developed by Docker and the Docker community. In this part of the course, we are going to discover the steps to create an AWS image using this tool.

Docker Inc. describes LinuxKit as the “toolkit for building secure, portable and lean operating systems for containers”.

Secure: Because, according to Docker Inc., it aligns with the NIST Application Container Security Guide, which you can read online.
This security guide recommends using a container-specific OS instead of a general-purpose one. The aim is to reduce the attack surface: a smaller OS has “fewer opportunities to attack and compromise”.

Lean: Because a container OS is designed around the single use case of running containers. LinuxKit has a minimal size (almost 35MB) and a minimal boot time. All of its system services are containers, so you can easily remove or add services to your OS.

An “ordinary” Linux distribution can include services that are never used. LinuxKit instead contains the dependencies that are used to generate a custom distribution, so only the services you use become part of your distribution. These dependencies are generated according to a LinuxKit configuration file.

LinuxKit kernels are distributed as images that contain:
- the kernel,
- kernel modules,
- kernel config file,
- (optionally) kernel headers

According to Docker Inc., kernels are based on the latest stable releases and are updated frequently to include bug and security fixes. For some kernels, Docker carries additional patches, which are mostly back-ported fixes from newer kernels.

You can download LinuxKit images from the Docker Hub, and you can find the patches applied to the original kernels in the Linuxkit/linux repository. The latter repository is a clone of kernel/git/stable/linux-stable.git.

Portable: LinuxKit can run on any platform Docker runs on, from VMs, bare metal and mainframes to IoT. This means that a distribution can run in a cloud such as AWS, Azure or Google Cloud.

Using LinuxKit is somewhat like recompiling the kernel to create a Linux distribution, but in an easier way and without the fear of compatibility or dependency problems. It’s an easier and more secure DIY Linux.
