Linux Container - Base Technologies
As we all know, Docker didn't invent a new technology for Linux containers. It provided a really convenient way to use the existing Linux container technologies to run a Linux application in a container environment.
A Linux container is built from the following three technologies.
- chroot: change root. chroot runs a command with a new root directory.
# chroot /new-root bash
- unshare: namespaces. A namespace isolates the process from other processes so that it cannot see them.
# unshare --mount --uts --ipc --net --pid --fork --user --map-root-user chroot /new-root bash
# mount -t proc none /proc # process namespace
# mount -t sysfs none /sys # filesystem
# mount -t tmpfs none /tmp # filesystem
- cgroup: control group. A cgroup limits the resources the process can use so that the isolated process cannot consume all the CPU, memory, etc.
# cgcreate -g cpu,memory,blkio,devices,freezer:/sandbox
# cgclassify -g cpu,memory,blkio,devices,freezer:sandbox <PID>
The following command lists the tasks associated with the sandbox cpu cgroup.
# cat /sys/fs/cgroup/cpu/sandbox/tasks
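To check that a process really ended up isolated the way the unshare and cgcreate/cgclassify commands above intend, the following added example (not code from the original post or the linked project) compares namespace links and parses a cgroup v1 membership file. The function names, the `demo` directory, and the inode numbers are assumptions made for illustration, and the sample data is constructed.

```shell
#!/bin/sh
# Added example: audit the isolation that the unshare and cgcreate/cgclassify
# commands above are meant to give a process. Paths are parameters so the
# checks can run on constructed sample data as well as on /proc/<PID>.

# shared_namespaces HOST_NS_DIR TARGET_NS_DIR
# Prints every namespace type still shared with the host: both ns links
# resolve to the same "type:[inode]" string.
shared_namespaces() {
    for ns in mnt uts ipc net pid user; do
        host=$(readlink "$1/$ns") || continue
        target=$(readlink "$2/$ns") || continue
        [ "$host" = "$target" ] && echo "$ns"
    done
    return 0
}

# missing_cgroup_controllers CGROUP_FILE CGROUP_PATH
# CGROUP_FILE holds cgroup v1 lines "id:controller[,controller]:path", the
# format of /proc/<PID>/cgroup. Prints each controller from the cgcreate
# command above that is not attached at CGROUP_PATH.
missing_cgroup_controllers() {
    for ctrl in cpu memory blkio devices freezer; do
        awk -F: -v c="$ctrl" -v p="$2" '
            $3 == p { n = split($2, a, ","); for (i = 1; i <= n; i++) if (a[i] == c) found = 1 }
            END { exit !found }' "$1" || echo "$ctrl"
    done
}

# Constructed sample data (not from a real host): the target was started
# without --net, and blkio was never moved into /sandbox.
demo=$(mktemp -d)
mkdir "$demo/host" "$demo/target"
for ns in mnt uts ipc net pid user; do
    inode=4026532500
    [ "$ns" = net ] && inode=4026531840
    ln -s "$ns:[4026531840]" "$demo/host/$ns"
    ln -s "$ns:[$inode]" "$demo/target/$ns"
done
printf '%s\n' '5:cpu,cpuacct:/sandbox' '4:memory:/sandbox' '3:blkio:/' \
    '2:devices:/sandbox' '1:freezer:/sandbox' > "$demo/cgroup"

echo "shared namespaces:   $(shared_namespaces "$demo/host" "$demo/target")"
echo "missing controllers: $(missing_cgroup_controllers "$demo/cgroup" /sandbox)"
```

On a live system, pass `/proc/1/ns` and `/proc/<PID>/ns` (reading another process's namespace links normally needs root) and `/proc/<PID>/cgroup`, where `<PID>` is the forked child inside the sandbox rather than the unshare process itself.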
More details can be found at the link below.
https://github.com/btholt/projects-for-complete-intro-to-containers