# Docker & Containers - Kernel Internals (namespaces, cgroups, ufs, Linux Capabilities)
In the previous videos, we talked about the evolution of virtualization and looked at the problems with the VM model. Now that we have a basic understanding of why we need containers, let's dive deeper.

In this video, we talk about the kernel internals that make containers possible: namespaces, cgroups, the unified file system (ufs), and Linux capabilities. These lower-level constructs come together to give us modern containers.
## Notes from the video

- namespaces
  - create isolated and independent instances of user space
  - 1 isolated instance = 1 container
  - common namespaces:
    - process id (pid)
    - network (net)
    - filesystem/mount (mnt)
    - inter-process communication (ipc)
    - uts
    - user
- control groups (cgroups)
  - group resources
  - apply limits
  - 1 container = 1 cgroup
- unified file system (ufs)
  - r/o file systems or block devices layered on top of one another
  - a single r/w top layer
- capabilities
  - fine-grained control over the privileges a user or process gets
  - `--privileged=true`
  - Docker uses a whitelist
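To make the "r/o layers plus one r/w top layer" idea concrete, here is a small model of a union file system. This is an added example written for these notes, not code from the video or from Docker: it assumes a stack of read-only lower layers (the image), a private writable upper layer per container, copy-up on modification, and a whiteout marker for deletes; the layer contents are constructed.

```python
"""Toy model of a union (layered) file system, as used for container images.

Added example (not from the video or the post). Lower layers are read-only and
shared between containers; each container gets its own read-write upper layer.
Reads resolve top-down, modifications copy the file up into the upper layer,
and deletes leave a "whiteout" marker so a lower-layer file looks gone.
"""
from __future__ import annotations

WHITEOUT = object()   # marker stored in the upper layer for a deleted path


class UnionFS:
    def __init__(self, lower_layers: list[dict[str, bytes]]):
        # lower_layers[0] is the bottom (base image); later entries stack on top.
        self.lower = lower_layers
        self.upper: dict[str, object] = {}   # this container's private r/w layer

    def read(self, path: str) -> bytes | None:
        """Resolve a path top-down: upper layer first, then lower layers."""
        if path in self.upper:
            entry = self.upper[path]
            return None if entry is WHITEOUT else entry
        for layer in reversed(self.lower):
            if path in layer:
                return layer[path]
        return None

    def write(self, path: str, data: bytes) -> None:
        """Whole-file writes land in the upper layer; lower layers are never touched."""
        self.upper[path] = data

    def append(self, path: str, data: bytes) -> None:
        """Modify a file: copy the current contents up, then change the copy."""
        current = self.read(path) or b""
        self.upper[path] = current + data

    def delete(self, path: str) -> bool:
        """Record a whiteout so the path disappears from the merged view."""
        if self.read(path) is None:
            return False
        self.upper[path] = WHITEOUT
        return True

    def listdir(self) -> list[str]:
        """Merged view of all paths, honouring whiteouts."""
        merged: dict[str, object] = {}
        for layer in self.lower:
            merged.update(layer)
        for path, entry in self.upper.items():
            if entry is WHITEOUT:
                merged.pop(path, None)
            else:
                merged[path] = entry
        return sorted(merged)

    def upper_diff(self) -> dict[str, str]:
        """What this container changed relative to its image layers."""
        return {p: ("deleted" if e is WHITEOUT else "modified")
                for p, e in self.upper.items()}


if __name__ == "__main__":
    # Constructed image: a base layer and an application layer on top of it.
    base = {"/etc/passwd": b"root:x:0:0\n", "/bin/sh": b"ELF"}
    app = {"/app/main.py": b"print(1)\n"}
    c1, c2 = UnionFS([base, app]), UnionFS([base, app])
    c1.write("/app/main.py", b"print(2)\n")
    c1.delete("/bin/sh")
    print("c1 sees:", c1.listdir(), "changes:", c1.upper_diff())
    print("c2 sees:", c2.listdir(), "(image layers untouched)")
```

The point worth noticing is that two containers built from the same image share the lower layers byte for byte; only the upper layer is per container, which is why a write or delete inside one container is invisible to the other and to the image itself.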
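The capability whitelist is something you can check from inside a running container: the kernel reports each process's capability sets as hex bitmasks in `/proc/<pid>/status`, where bit N is capability number N from `<linux/capability.h>`. The script below is an added example for these notes, not code from the video or from Docker: it decodes those masks into names and flags a few capabilities a reviewer would want to see explicitly justified. The capability numbering table is the kernel's; the `HIGH_RISK` watch list is my own choice for the example, and the sample status text is constructed (its `CapEff` value corresponds to the 14 capabilities a default Docker container receives).

```python
"""Decode a process's capability sets from /proc/<pid>/status.

Added example (not from the video or the post). Linux exposes CapInh, CapPrm,
CapEff, CapBnd and CapAmb as hex bitmasks; bit N is capability number N from
<linux/capability.h>. Decoding CapEff answers "what can this container's
process actually do right now?".
"""
from __future__ import annotations

from pathlib import Path

# Capability numbers from <linux/capability.h>: index in this list == bit number.
CAP_NAMES = [
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER",
    "CAP_FSETID", "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP",
    "CAP_LINUX_IMMUTABLE", "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST",
    "CAP_NET_ADMIN", "CAP_NET_RAW", "CAP_IPC_LOCK", "CAP_IPC_OWNER",
    "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT", "CAP_SYS_PTRACE",
    "CAP_SYS_PACCT", "CAP_SYS_ADMIN", "CAP_SYS_BOOT", "CAP_SYS_NICE",
    "CAP_SYS_RESOURCE", "CAP_SYS_TIME", "CAP_SYS_TTY_CONFIG", "CAP_MKNOD",
    "CAP_LEASE", "CAP_AUDIT_WRITE", "CAP_AUDIT_CONTROL", "CAP_SETFCAP",
    "CAP_MAC_OVERRIDE", "CAP_MAC_ADMIN", "CAP_SYSLOG", "CAP_WAKE_ALARM",
    "CAP_BLOCK_SUSPEND", "CAP_AUDIT_READ", "CAP_PERFMON", "CAP_BPF",
    "CAP_CHECKPOINT_RESTORE",
]

# Watch list chosen for this example: capabilities that weaken container
# isolation enough that their presence should be explicitly justified.
HIGH_RISK = {"CAP_SYS_ADMIN", "CAP_SYS_MODULE", "CAP_SYS_RAWIO",
             "CAP_SYS_PTRACE", "CAP_NET_ADMIN", "CAP_DAC_READ_SEARCH",
             "CAP_BPF"}

# Constructed sample of the relevant lines of /proc/<pid>/status.
SAMPLE_STATUS = """\
Name:\tsh
Pid:\t1
CapInh:\t0000000000000000
CapPrm:\t00000000a80425fb
CapEff:\t00000000a80425fb
CapBnd:\t00000000a80425fb
CapAmb:\t0000000000000000
"""


def parse_cap_sets(status_text: str) -> dict[str, int]:
    """Return {'CapInh': int, 'CapPrm': int, ...} from /proc/<pid>/status text."""
    sets = {}
    for line in status_text.splitlines():
        key, _, value = line.partition(":")
        if key.startswith("Cap"):
            sets[key] = int(value.strip(), 16)
    return sets


def decode_caps(mask: int) -> list[str]:
    """Expand a capability bitmask into capability names, lowest bit first."""
    names = [name for bit, name in enumerate(CAP_NAMES) if mask & (1 << bit)]
    # Bits above this table belong to newer kernels; keep them visible rather
    # than silently dropping them.
    unknown = mask >> len(CAP_NAMES)
    if unknown:
        names.append(f"<unknown bits above {len(CAP_NAMES) - 1}: {unknown:#x}>")
    return names


def risky_caps(mask: int) -> set[str]:
    """Which watch-listed capabilities are present in the given set."""
    return HIGH_RISK & set(decode_caps(mask))


def audit_status(status_text: str) -> dict:
    """Summarise the effective set: all names, the risky ones, and the count."""
    eff = parse_cap_sets(status_text)["CapEff"]
    names = decode_caps(eff)
    return {"effective": names, "risky": sorted(risky_caps(eff)), "count": len(names)}


def audit_pid(pid: int | str = "self") -> dict:
    """Audit a live process (Linux only); pid 1 inside a container is the entrypoint."""
    return audit_status(Path(f"/proc/{pid}/status").read_text())


if __name__ == "__main__":
    report = audit_status(SAMPLE_STATUS)
    print(f"{report['count']} effective capabilities:", ", ".join(report["effective"]))
    print("on watch list:", report["risky"] or "none")
```

Run `audit_pid(1)` inside a container to see what its entrypoint actually holds; a `--privileged` container shows every bit set in `CapEff` and `CapBnd`, which is exactly the condition the watch list is meant to surface. Capabilities are also reported per thread, so for a multi-threaded process check `/proc/<pid>/task/<tid>/status` if the main thread's set looks surprising.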
Please share your questions and valuable feedback through comments.
Thanks.