In the previous videos, we talked about the evolution of Virtualization. We also looked into the problems with the VM model.

Now that we have a basic understanding of why we need containers, let’s dive deeper.

In this video, we talk about the kernel internals that containers are built on: namespaces, cgroups, the Unified File System (ufs), and Linux capabilities. These lower-level constructs come together to give us modern containers.

Docker Containers - Kernel Internals

Notes from the video

  • namespaces

    • create isolated and independent instances of user space
    • 1 isolated instance = 1 container
    • common namespaces:
      • process id (pid)
      • network (net)
      • filesystem/mount (mnt)
      • inter-process communication (ipc)
      • unix time-sharing (uts): hostname and domain name
      • user
  • control groups (cgroups)

    • group resources
    • apply limits
    • 1 container = 1 cgroup
  • unified file system (ufs)

    • read-only filesystem layers (or block devices) stacked on top of one another
    • a single read/write top layer
  • capabilities

    • fine-grained control over the privileges a user or process gets
    • --privileged=true switches this off (the container gets every capability)
    • Docker uses a whitelist of allowed capabilities
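
The notes above describe what the kernel hands a process (its namespaces, its cgroup and its capability set); the script below is an added example, not code from the video or from Docker, that reads those three facts back out of /proc so you can check that a container actually has the isolation and the reduced privilege you expect. The capability bit numbers come from the Linux kernel's capability.h; the Docker default whitelist is reproduced as I know it from Docker's documentation and is an assumption to verify against your engine version, and the sample status and cgroup text at the bottom is constructed for the demonstration. The /proc readers only work on Linux, the parsers work anywhere.

```python
"""Read a process's namespaces, cgroup and capabilities from /proc (Linux).

Added example for these notes, not part of the original post. The parsing
functions take text so they also run on constructed input.
"""
import os
import re

# Capability bit numbers, in order, from the kernel's linux/capability.h.
CAP_NAMES = [
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER",
    "CAP_FSETID", "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP",
    "CAP_LINUX_IMMUTABLE", "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST",
    "CAP_NET_ADMIN", "CAP_NET_RAW", "CAP_IPC_LOCK", "CAP_IPC_OWNER",
    "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT", "CAP_SYS_PTRACE",
    "CAP_SYS_PACCT", "CAP_SYS_ADMIN", "CAP_SYS_BOOT", "CAP_SYS_NICE",
    "CAP_SYS_RESOURCE", "CAP_SYS_TIME", "CAP_SYS_TTY_CONFIG", "CAP_MKNOD",
    "CAP_LEASE", "CAP_AUDIT_WRITE", "CAP_AUDIT_CONTROL", "CAP_SETFCAP",
    "CAP_MAC_OVERRIDE", "CAP_MAC_ADMIN", "CAP_SYSLOG", "CAP_WAKE_ALARM",
    "CAP_BLOCK_SUSPEND", "CAP_AUDIT_READ", "CAP_PERFMON", "CAP_BPF",
    "CAP_CHECKPOINT_RESTORE",
]

# Docker's default whitelist (assumption: as documented for the Docker engine
# at the time of writing; check the docs for the version you run).
DOCKER_DEFAULT_CAPS = frozenset({
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_FSETID", "CAP_FOWNER", "CAP_MKNOD",
    "CAP_NET_RAW", "CAP_SETGID", "CAP_SETUID", "CAP_SETFCAP", "CAP_SETPCAP",
    "CAP_NET_BIND_SERVICE", "CAP_SYS_CHROOT", "CAP_KILL", "CAP_AUDIT_WRITE",
})


def decode_cap_mask(hex_mask: str) -> frozenset:
    """Turn a CapEff/CapBnd hex bitmask into a set of capability names."""
    mask = int(hex_mask, 16)
    names = set()
    for bit in range(mask.bit_length()):
        if (mask >> bit) & 1:
            # Bits beyond our table (newer kernels) are reported by number.
            names.add(CAP_NAMES[bit] if bit < len(CAP_NAMES) else f"CAP_{bit}")
    return frozenset(names)


def cap_eff_from_status(status_text: str) -> str:
    """Extract the effective-capability mask from /proc/<pid>/status text."""
    m = re.search(r"^CapEff:\s*([0-9a-fA-F]+)\s*$", status_text, re.M)
    if not m:
        raise ValueError("no CapEff line in status text")
    return m.group(1)


def extra_caps(effective: frozenset, allowed=DOCKER_DEFAULT_CAPS) -> frozenset:
    """Capabilities held beyond the whitelist; non-empty means extra privilege."""
    return frozenset(effective) - allowed


def cgroup_path(cgroup_text: str) -> str:
    """Return the cgroup path from /proc/<pid>/cgroup (prefers the v2 entry)."""
    entries = [line.split(":", 2) for line in cgroup_text.splitlines() if line]
    for hier_id, _controllers, path in entries:
        if hier_id == "0":          # cgroup v2 unified hierarchy
            return path
    return entries[0][2]            # fall back to the first v1 entry


def parse_cpu_max(cpu_max_text: str):
    """Parse cgroup v2 cpu.max ('quota period') into a CPU count, None if unlimited."""
    quota, period = cpu_max_text.split()
    return None if quota == "max" else int(quota) / int(period)


def namespace_ids(pid="self") -> dict:
    """Map namespace type -> 'type:[inode]' for a pid (Linux only)."""
    ns_dir = f"/proc/{pid}/ns"
    return {n: os.readlink(os.path.join(ns_dir, n)) for n in sorted(os.listdir(ns_dir))}


def shared_namespaces(pid_a, pid_b) -> set:
    """Namespace types two processes share; a container should share few with pid 1."""
    a, b = namespace_ids(pid_a), namespace_ids(pid_b)
    return {n for n in a if a[n] == b.get(n)}


# Constructed sample: a status file for a container started with --cap-add SYS_ADMIN.
SAMPLE_STATUS = "Name:\tsh\nPid:\t1\nCapEff:\t00000000a82425fb\nCapBnd:\t00000000a82425fb\n"
SAMPLE_CGROUP = "0::/docker/0123abcd\n"   # constructed cgroup v2 entry


def audit_status(status_text: str, cgroup_text: str) -> dict:
    """Summarise privilege and placement from status and cgroup text."""
    eff = decode_cap_mask(cap_eff_from_status(status_text))
    return {"cgroup": cgroup_path(cgroup_text), "caps": len(eff),
            "extra": sorted(extra_caps(eff))}


if __name__ == "__main__":
    if os.path.isdir("/proc/self/ns"):
        with open("/proc/self/status") as f, open("/proc/self/cgroup") as g:
            print(audit_status(f.read(), g.read()))
        print("shared with pid 1:", sorted(shared_namespaces("self", 1)))
    else:
        print(audit_status(SAMPLE_STATUS, SAMPLE_CGROUP))
```

Run it inside a container and compare with the host: a default container shares at most the `user` and `time` namespaces with pid 1 and reports no extras, while `--privileged` shows every capability in the table and a CapEff of all ones.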

Please share your questions and valuable feedback through comments.

Thanks.