
Here's a preview from my zine, How Containers Work!! If you want to see more comics like this, sign up for my Saturday comics newsletter or browse more comics!

containers use these Linux kernel features
“container” doesn’t have a clear definition, but Docker containers use all of these features.
pivot_root
set a process’s root directory to a directory with the contents of the container image
cgroups
limit memory/CPU usage for a group of processes
Linux, represented by a box with a smiley face: only 500 MB of RAM for you!
namespaces
allow processes to have their own:
- network
- PIDs
- hostname
- mounts
- users
- + more
capabilities
security: give specific permissions
seccomp-bpf
security: prevent dangerous system calls
overlay filesystems
this is what makes layers work! Sharing layers saves disk space & helps containers start faster
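The two "security" panels above (capabilities and seccomp-bpf) can be checked for any process by reading `/proc/<pid>/status`. This is an added example, not part of the zine: it decodes the `CapEff`/`CapBnd` bitmasks and the `Seccomp` mode, and the sample status text embedded in it is constructed for illustration.

```python
import sys

# Capability names in bit order (bit 0 = chown), as listed in capabilities(7).
CAP_NAMES = """chown dac_override dac_read_search fowner fsetid kill setgid setuid
setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock
ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot
sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control
setfcap mac_override mac_admin syslog wake_alarm block_suspend audit_read perfmon
bpf checkpoint_restore""".split()

SECCOMP_MODES = {0: "disabled", 1: "strict", 2: "filter"}

# Constructed sample: status fields as they might look for a process in a
# container that runs with a reduced capability set and a seccomp filter.
SAMPLE_STATUS = """\
Name:\tnginx
CapEff:\t00000000a80425fb
CapBnd:\t00000000a80425fb
NoNewPrivs:\t0
Seccomp:\t2
"""

def decode_caps(hex_mask):
    """Turn a hex capability mask from /proc/<pid>/status into names."""
    mask = int(hex_mask, 16)
    names = [n for bit, n in enumerate(CAP_NAMES) if mask >> bit & 1]
    extra = mask >> len(CAP_NAMES)  # bits newer than this table knows about
    if extra:
        names.append("unknown_bits_0x%x" % (extra << len(CAP_NAMES)))
    return names

def summarize(status_text):
    """Extract the capability and seccomp state from status file contents."""
    fields = {}
    for line in status_text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key] = value.strip()
    seccomp = fields.get("Seccomp")  # absent on kernels that do not report it
    return {
        "effective_caps": decode_caps(fields.get("CapEff", "0")),
        "bounding_caps": decode_caps(fields.get("CapBnd", "0")),
        "seccomp": SECCOMP_MODES.get(int(seccomp), "unknown") if seccomp else "not reported",
        "no_new_privs": fields.get("NoNewPrivs") == "1",
    }

if __name__ == "__main__":
    # Pass a path such as /proc/self/status, or run with no argument for the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_STATUS
    for key, value in summarize(text).items():
        print(key, "=", value)
```

Running it against `/proc/self/status` on the host and again inside a container shows the difference the capabilities and seccomp-bpf panels describe.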