KreaTV LXC

This feature is a Technical Preview

KreaTV 5 allows running system services and applications in sandboxed environments called containers. The technology used internally to provide this functionality is known as Linux Containers, or LXC.

Separating different components in isolated environments has two main advantages:

1. An increased level of security. Applications running in a container do not have access to system resources that belong in other containers. By enforcing this separation, the possibilities for malicious attacks to the STB are significantly reduced.
2. Robustness against resource abuse. LXC provides not only isolation but resource limitation as well, which means that the system can prevent resource starvation from happening and keep stable performance in situations where a certain process might be demanding massive amounts of memory or CPU time, for example.

To enable LXC, you need to add the kreatv-option-containers IIP to your boot image configuration. Enabling this option makes critical platform services and all applications run in individual containers.

# Enable sandboxing for applications and system services
kreatv-option-containers