System containers, the oldest type of containers, focus on running an entire Linux distribution, including all its services in very much the same way it would on a physical system or virtual machine.
System containers come with some unique challenges: users of those containers expect to be able to do pretty much everything that they can on a normal system. This means it's not possible to restrict those containers quite as much as application containers can be.
It also means that there are extra expectations to be met:
Being able to add/remove devices to/from a running container
Loading security profiles inside a container
Using file capabilities in the container
Mounting file systems
Proper reporting of uptime, resource consumption and limits
Live-migration
In this presentation, we'll explore some of the existing technologies in use by LXC and LXD to address some of those expectations, as well as upcoming kernel and userspace features that will allow system containers to do even more than they do today.