KreaTV LXC

KreaTV 5 allows running system services and applications in sandboxed environments called containers. The technology used internally to provide this functionality is known as Linux Containers, or LXC. LXC is enabled by default and makes critical platform services and all applications run in individual containers.

Separating different components in isolated environments has two main advantages:

1. An increased level of security. Applications running in a container do not have access to system resources that belong in other containers. By enforcing this separation, the possibilities for malicious attacks to the STB are significantly reduced.
2. Robustness against resource abuse. LXC provides not only isolation but resource limitation as well, which means that the system can prevent resource starvation from happening and keep stable performance in situations where a certain process might be demanding massive amounts of memory or CPU time, for example.