Container Linux (formerly CoreOS Linux) is a discontinued open-source lightweight operating system based on the Linux kernel and designed for providing infrastructure for clustered deployments. One of its focuses was scalability. As an operating system, Container Linux provided only the minimal functionality required for deploying applications inside software containers, together with built-in mechanisms for service discovery and configuration sharing.

Container Linux shares foundations with Gentoo Linux, ChromeOS, and ChromiumOS through a common software development kit (SDK). Container Linux adds new functionality and customization to this shared foundation to support server hardware and use cases. CoreOS was developed primarily by Alex Polvi, Brandon Philips, and Michael Marineau, with its major features available as a stable release.

The CoreOS team announced the end-of-life for Container Linux on May 26, 2020, offering Fedora CoreOS, and RHEL CoreOS as its replacement.

Container Linux provides no package manager as a way for distributing payload applications, requiring instead all applications to run inside their containers. Serving as a single control host, a Container Linux instance uses the underlying operating-system-level virtualization features of the Linux kernel to create and configure multiple containers that perform as isolated Linux systems. That way, resource partitioning between containers is performed through multiple isolated userspace instances, instead of using a hypervisor and providing full-fledged virtual machines. This approach relies on the Linux kernel's cgroups and namespaces functionalities, which together provide abilities to limit, account and isolate resource usage (CPU, memory, disk I/O, etc.) for the collections of userspace processes.

Initially, Container Linux exclusively used Docker as a component providing an additional layer of abstraction and interface to the operating-system-level virtualization features of the Linux kernel, as well as providing a standardized format for containers that allows applications to run in different environments. In December 2014, CoreOS released and started to support rkt (initially released as Rocket) as an alternative to Docker, providing through it another standardized format of the application-container images, the related definition of the container runtime environment, and a protocol for discovering and retrieving container images. CoreOS provides rkt as an implementation of the so-called app container (appc) specification that describes the required properties of the application container image (ACI). CoreOS created appc and ACI as an independent committee-steered set of specifications aimed to become part of the vendor- and operating-system-independent Open Container Initiative, or OCI, initially named the Open Container Project (OCP) containerization standard, which was announced by a group of large tech companies in June 2015.

Container Linux uses ebuild scripts from Gentoo Linux for automated compilation of its system components, and uses systemd as its primary init system, with tight integration between systemd and various Container Linux's internal mechanisms.

Container Linux achieves additional security and reliability of its operating system updates by employing FastPatch as a dual-partition scheme for the read-only part of its installation, meaning that the updates are performed as a whole and installed onto a passive secondary boot partition that becomes active upon a reboot or kexec. This approach avoids possible issues arising from updating only certain parts of the operating system, ensures easy rollbacks to a known-to-be-stable version of the operating system, and allows each boot partition to be signed for additional security. The root partition and its root file system are automatically resized to fill all available disk-space upon reboots; while the root partition provides read-write storage space, the operating system itself is mounted read-only under /usr.

To ensure that only a certain part of the cluster reboots at once when the operating system updates are applied, preserving the resources required for running deployed applications, CoreOS provides locksmith as a reboot manager for Container Linux. Using locksmith, one can select between different update strategies that are determined by how the reboots are performed as the last step in applying updates; for example, one can configure how many cluster members are allowed to reboot simultaneously. Internally, locksmith operates as the locksmithd daemon that runs on cluster members, while the locksmithctl command-line utility manages configuration parameters. Locksmith is written in the Go language and distributed under the terms of the Apache License 2.0.