
Here's a preview from my zine, How Containers Work!!


### a container is a group of Linux processes

Illustration of a smiling stick figure with curly hair.

person: on a Mac, all your containers are actually running in a Linux virtual machine

panel 2

person: I started ‘top’ in a container. Here’s what that looks like in ps:

  • outside the container

        $ ps aux | grep top
        USER  PID    START  COMMAND
        root  23540  20:55  top
        bork  23546  20:57  top

  • inside the container

        $ ps aux | grep top
        USER  PID  START  COMMAND
        root  25   20:55  top

    (root 23540 20:55 top and root 25 20:55 top are the same process!)

container processes can do anything a normal process can…

Illustration of a smiling stick figure with curly hair, and Linux, represented by its penguin mascot

person: I want my container to do X Y Z W! Linux: sure! your computer, your rules!

but usually they have restrictions

(there are drawings of locks on either side of the word “restrictions”)

Illustration of a container, represented by a box with a smiley face. Around it are arrows with the following labels:

  • different PID namespace
  • different root directory
  • cgroup memory limit
  • limited capabilities
  • not allowed to run some system calls

the restrictions are enforced by the Linux kernel

Linux: NO, you can’t have more memory!
person: on the next page we’ll list all the kernel features that make this work!
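
An added example, not part of the comic or the zine: the kernel reports several of these restrictions per process in `/proc/<pid>/status`, including both PIDs of the same process (`NSpid`), its effective capability mask (`CapEff`) and its seccomp mode. The sample status text is constructed to match the PIDs in the comic, and the function names are hypothetical.

```python
# Added example: summarise a process's restrictions from /proc/<pid>/status.
# SAMPLE_STATUS is constructed for illustration, not captured output.
CAP_NAMES = (  # capability bit 0 .. bit 40, as in linux/capability.h
    "CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID "
    "SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW "
    "IPC_LOCK IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT "
    "SYS_ADMIN SYS_BOOT SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD "
    "LEASE AUDIT_WRITE AUDIT_CONTROL SETFCAP MAC_OVERRIDE MAC_ADMIN SYSLOG "
    "WAKE_ALARM BLOCK_SUSPEND AUDIT_READ PERFMON BPF CHECKPOINT_RESTORE"
).split()
SECCOMP_MODES = {0: "disabled", 1: "strict", 2: "filter"}

SAMPLE_STATUS = (  # constructed: 'top' as seen from outside the container
    "Name:\ttop\n"
    "Pid:\t23540\n"
    "NSpid:\t23540\t25\n"
    "CapEff:\t00000000a80425fb\n"
    "Seccomp:\t2\n"
)

def parse_status(text):
    """Turn 'Key:\\tv1\\tv2' lines into {key: [v1, v2]}."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.split()
    return fields

def describe(text):
    f = parse_status(text)
    # NSpid lists the PID in each nested PID namespace, outermost first;
    # kernels older than 4.1 lack the field, so fall back to Pid.
    nspid = [int(p) for p in f.get("NSpid", f.get("Pid", []))]
    mask = int(f.get("CapEff", ["0"])[0], 16)
    seccomp = int(f.get("Seccomp", ["0"])[0])
    return {
        "outer_pid": nspid[0] if nspid else None,
        "inner_pid": nspid[-1] if len(nspid) > 1 else None,
        "capabilities": [n for bit, n in enumerate(CAP_NAMES) if mask >> bit & 1],
        "seccomp": SECCOMP_MODES.get(seccomp, "unknown"),
    }

if __name__ == "__main__":
    import sys  # pass a PID to inspect a live process, else use the sample
    text = open(f"/proc/{sys.argv[1]}/status").read() if len(sys.argv) > 1 else SAMPLE_STATUS
    for key, value in describe(text).items():
        print(f"{key}: {value}")
```

Run against a PID from the host, `inner_pid` is `None` for a process that is not in a nested PID namespace.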

© Julia Evans 2024 | All rights reserved (see the FAQ for notes about licensing)