
Here's a preview from my zine, How Containers Work!! If you want to see more comics like this, sign up for my Saturday comics newsletter or browse more comics!


containers use these Linux kernel features

“container” doesn’t have a clear definition, but Docker containers use all of these features.

pivot_root

set a process’s root directory to a directory with the contents of the container image

cgroups

limit memory/CPU usage for a group of processes

Linux, represented by a box with a smiley face: only 500 MB of RAM for you!

namespaces

allow processes to have their own:

  • network
  • PIDs
  • hostname
  • mounts
  • users
  • more

capabilities

security: give specific permissions

seccomp-bpf

security: prevent dangerous system calls

overlay filesystems

this is what makes layers work! Sharing layers saves disk space & helps containers start faster
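
To see the capabilities and seccomp-bpf panels on a real process, you can read `/proc/<pid>/status`, where the kernel reports the effective capability mask (`CapEff`) and the seccomp mode (`Seccomp`). The script below is an added example, not part of the zine: it decodes those fields from two constructed status excerpts, and the set of capabilities it flags as broad is an assumed local policy choice.

```python
# Added example: decode CapEff / Seccomp / NoNewPrivs from /proc/<pid>/status.
# Capability names in bit order, as numbered in linux/capability.h (0..40).
CAP_NAMES = """chown dac_override dac_read_search fowner fsetid kill setgid
setuid setpcap linux_immutable net_bind_service net_broadcast net_admin
net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace
sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config
mknod lease audit_write audit_control setfcap mac_override mac_admin syslog
wake_alarm block_suspend audit_read perfmon bpf checkpoint_restore""".split()

SECCOMP_MODES = {"0": "disabled", "1": "strict", "2": "filter"}

# Assumption: which capabilities count as "broad" is a policy choice made here.
BROAD_CAPS = {"sys_admin", "sys_module", "sys_ptrace", "sys_rawio",
              "dac_read_search"}

def parse_status(text):
    """Turn 'Key:<tab>value' lines into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def decode_caps(hex_mask):
    """Expand a hex capability bitmask into capability names."""
    mask = int(hex_mask, 16)
    return [CAP_NAMES[bit] if bit < len(CAP_NAMES) else f"cap_{bit}"
            for bit in range(mask.bit_length()) if (mask >> bit) & 1]

def confinement(status_text):
    """Summarise how a process is restricted by capabilities and seccomp."""
    f = parse_status(status_text)
    caps = decode_caps(f["CapEff"])
    return {"capabilities": caps,
            "broad": sorted(BROAD_CAPS & set(caps)),
            "seccomp": SECCOMP_MODES.get(f.get("Seccomp"), "unknown"),
            "no_new_privs": f.get("NoNewPrivs") == "1"}

# Constructed samples: a restricted process and one holding every capability.
CONFINED = "Name:\tsleep\nCapEff:\t00000000a80425fb\nNoNewPrivs:\t0\nSeccomp:\t2\n"
UNCONFINED = "Name:\tsleep\nCapEff:\t000001ffffffffff\nNoNewPrivs:\t0\nSeccomp:\t0\n"

if __name__ == "__main__":
    for label, sample in (("confined", CONFINED), ("unconfined", UNCONFINED)):
        print(label, confinement(sample))
```

On a live Linux system, pass the contents of `/proc/self/status` (or another PID's file) to `confinement()` instead of the samples.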