Here's a preview from my zine, How Containers Work!!
### a container is a group of Linux processes
Illustration of a smiling stick figure with curly hair.
person: on a Mac, all your containers are actually running in a Linux virtual machine
panel 2
person: I started ‘top’ in a container. Here’s what that looks like in ps:
- outside the container

```
$ ps aux | grep top
USER   PID START COMMAND
root 23540 20:55 top
bork 23546 20:57 top
```

- inside the container

```
$ ps aux | grep top
USER PID START COMMAND
root  25 20:55 top
```

(`root 23540 20:55 top` and `root 25 20:55 top` are the same process!)
container processes can do anything a normal process can…
Illustration of a smiling stick figure with curly hair, and Linux, represented by its penguin mascot
person: I want my container to do X Y Z W! Linux: sure! your computer, your rules!
but usually they have restrictions
(there are drawings of locks on either side of the word “restrictions”)
Illustration of a container, represented by a box with a smiley face. Around it are arrows with the following labels:
- different PID namespace
- different root directory
- cgroup memory limit
- limited capabilities
- not allowed to run some system calls
the restrictions are enforced by the Linux kernel
Linux: NO, you can’t have more memory!
person: on the next page we’ll list all the kernel features that make this work!