Container

From docwiki
Revision as of 20:06, 31 October 2020 by Mond (talk | contribs) (Why Container?)
Jump to: navigation, search


Motivation

Container provide a light-weighted virtualization where the kernel of your system is used but the processes that have a different view onto the system. Here you will learn the basic terminology of the container world and some examples.

Why Container?

In the beginning was the chroot command that allows a process to see only a part of the file-system but it was never meant as a secure confinement. FreeBSD developed something out of this with the name "jail" where you could really limit a process. Jails where limited to be only able to interact with processes inside its jail and also restricted with certain operations.

When Linux become popular hosting-providers wanted to offer cheap "root-servers" to customers without the overhead of full virtualization. This lead to the creation of "linux-VServers" but this was not part of the mainline kernel.

Today, Linux has a generalized framework for limiting what processes can see with the "cgroups" which is used for container-type virtualization.

What was driving this was not so much security or the desire to run

Retrieved from "https://mond.at/docwiki/index.php?title=Container&oldid=655"