Analysis of Behavioral Differences Between ArkTS Containers and Native Containers

Harmony OS Next

Analysis of Behavioral Differences Between ArkTS Containers and Native Containers

In today's digital wave, container technology has become increasingly crucial. Whether it's native containers or the uniquely distinctive ArkTS containers in the HarmonyOS ecosystem, both play important roles in their respective environments. Although both aim to achieve application isolation and efficient resource utilization, there are notable differences in many behavioral details.

Resource Scheduling and Management

Native containers, with Docker being a typical representative, follow the traditional Linux kernel's resource scheduling mechanism. They precisely limit resource quotas such as CPU and memory based on cgroups (control groups). For example, when starting a web service native container, you can allocate 2 CPU cores and 4GB of memory through the command docker run -it --cpus=2 --memory=4g my_web_image, ensuring exclusive resource allocation with clear boundaries and avoiding resource contention interference between containers.

ArkTS containers, situated in the HarmonyOS distributed environment, focus more on cross-device collaboration for resource scheduling. The HarmonyOS kernel dynamically allocates resources based on the real-time performance of devices and network conditions. Imagine a smart home scenario where multiple devices work together, such as a smart speaker and a smart TV collaborating. The music playback application in the ArkTS container will dynamically obtain audio output resources from the speaker and display resources from the TV, achieving flexible resource sharing and breaking the limitations of single-device resources, which is difficult for native containers to achieve.

Security Isolation Features

Native containers utilize namespace (namespace) technology to isolate processes, networks, file systems, etc., creating an independent "small room" within the system. However, once a security vulnerability is exploited, attackers may leverage kernel-sharing vulnerabilities to break through container boundaries and endanger the host machine.

ArkTS containers, in addition to basic isolation, incorporate the microkernel security architecture concept of the HarmonyOS system. The microkernel is streamlined and stable, with key system services externalized to reduce the attack surface of the kernel. Moreover, formal verification ensures the security of the kernel code, laying a solid foundation for container security from the bottom up. At the ArkTS code level, permission control is meticulous:

import Ability from '@ohos.app.ability.UIAbility';
export default class MyAbility extends Ability {
  onCreate() {
    // Strictly limit access permissions to specific hardware resources
    let accessToken = this.context.getAccessToken();
    accessToken.verifyPermission('ohos.permission.AUDIO_PLAYBACK', 1)
    .then((granted) => {
        if (granted) {
          console.log('Audio playback permission granted');
        } else {
          console.log('No audio playback permission');
        }
      });
  }
}

This code demonstrates permission verification within an ArkTS ability (Ability), where the application strictly checks permissions upon startup to prevent illegal resource calls.

Application Development and Deployment

Native containers are compatible with mainstream programming languages and frameworks, focusing on cloud-native applications. They use Dockerfiles to orchestrate the image building process, allowing developers to concentrate on the business logic within the container. For example, building a Node.js application container:

FROM node:14
WORKDIR /app
COPY package*.json./
RUN npm install
COPY..
EXPOSE 3000
CMD ["npm", "start"]

ArkTS containers are deeply integrated with HarmonyOS APIs, requiring developers to follow the componentized and distributed design paradigms of HarmonyOS during development. Deployment targets all-scenario intelligent devices in HarmonyOS, including smartphones, tablets, and smart wearables, necessitating considerations for different device screen sizes and interaction methods. This demands higher requirements for application interface adaptability and interaction logic adjustments.

In summary, ArkTS containers and native containers each have their own advantages. Native containers are mature and well-suited for the cloud-native ecosystem, while ArkTS containers align with the distributed vision of HarmonyOS, innovating the interactive experience and enhancing cross-device collaboration and security. Developers need to carefully choose the appropriate container solution based on project scenarios and requirements to unlock the corresponding technological benefits.