Containers from Scratch

  • Containers are just namespaces + chroot (or pivot_root) + cgroups, no virtualization
  • Namespaces and chroot are set up with syscalls (clone/unshare/setns, chroot); cgroups are configured by writing to a virtual filesystem, like /proc, typically mounted at /sys/fs/cgroup
  • Need both a new pid namespace and a fresh mount of /proc inside the “container” for ps to work correctly: ps reads /proc, and the /proc inherited from the host still lists host pids
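The three bullets put together as one program, added here as an illustration and not code from the original notes or from the talk they summarize: clone() with namespace flags, chroot into a root filesystem, a fresh /proc mount inside, and a cgroup limit written through /sys/fs/cgroup. It assumes a cgroup v2 hierarchy at /sys/fs/cgroup (the group name "fromscratch" and the pids.max value are arbitrary), a rootfs directory that already contains an empty /proc, and root privileges.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Namespaces the "container" gets: its own pid space, its own mount table
 * (so mounting /proc inside does not touch the host's), its own hostname. */
static int container_clone_flags(void)
{
    return CLONE_NEWPID | CLONE_NEWNS | CLONE_NEWUTS | SIGCHLD;
}

/* A new pid namespace alone does not make ps correct: ps reads /proc, and
 * the inherited /proc still describes the parent namespace. Whenever
 * CLONE_NEWPID is requested, /proc has to be mounted again inside. */
static int needs_proc_mount(int flags)
{
    return (flags & CLONE_NEWPID) != 0;
}

/* cgroups are driven by files, not syscalls. Assumes cgroup v2 mounted at
 * /sys/fs/cgroup: create a group, cap its process count, move pid into it.
 * The group name "fromscratch" used by main() is an arbitrary choice. */
static int cgroup_limit_pids(const char *name, pid_t pid, int max_pids)
{
    char path[256];
    FILE *f;

    snprintf(path, sizeof path, "/sys/fs/cgroup/%s", name);
    if (mkdir(path, 0755) != 0 && errno != EEXIST) return -1;

    snprintf(path, sizeof path, "/sys/fs/cgroup/%s/pids.max", name);
    if ((f = fopen(path, "w")) == NULL) return -1;
    fprintf(f, "%d\n", max_pids);
    fclose(f);

    snprintf(path, sizeof path, "/sys/fs/cgroup/%s/cgroup.procs", name);
    if ((f = fopen(path, "w")) == NULL) return -1;
    fprintf(f, "%d\n", (int)pid);
    fclose(f);
    return 0;
}

struct child_args { const char *rootfs; char **argv; };

/* Runs as pid 1 of the new pid namespace. */
static int child(void *arg)
{
    struct child_args *a = arg;

    /* Stop our mounts propagating back into the host's mount namespace. */
    if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL) != 0) {
        perror("mount MS_PRIVATE"); return 1;
    }
    if (sethostname("container", 9) != 0) perror("sethostname");
    if (chroot(a->rootfs) != 0 || chdir("/") != 0) { perror("chroot"); return 1; }
    if (needs_proc_mount(container_clone_flags()) &&
        mount("proc", "/proc", "proc", MS_NOSUID | MS_NODEV | MS_NOEXEC, NULL) != 0) {
        perror("mount /proc"); return 1;
    }
    execv(a->argv[0], a->argv);
    perror("execv");
    return 1;
}

int main(int argc, char **argv)
{
    static char stack[1 << 20];   /* child stack; clone() wants its top */
    int status;

    if (argc < 3) {
        fprintf(stderr, "usage: %s <rootfs> <cmd> [args...]\n", argv[0]);
        return 2;
    }
    struct child_args a = { argv[1], argv + 2 };
    pid_t pid = clone(child, stack + sizeof stack, container_clone_flags(), &a);
    if (pid < 0) { perror("clone"); return 1; }

    /* The cgroup is set up from outside, after clone() and before the child
     * can fork much; a failure here only loses the limit, not the container. */
    if (cgroup_limit_pids("fromscratch", pid, 20) != 0) perror("cgroup (continuing)");

    waitpid(pid, &status, 0);
    return WIFEXITED(status) ? WEXITSTATUS(status) : 1;
}
```

Build with `gcc -o fromscratch fromscratch.c` and run as root, e.g. `./fromscratch /path/to/rootfs /bin/sh`; inside, `ps` shows the shell as pid 1 and `hostname` prints "container". Dropping the /proc mount (or the CLONE_NEWPID flag) and running `ps` again is the quickest way to see why the last bullet needs both halves. Two caveats a practitioner would want: chroot is not a security boundary (a root process inside can escape it, which is why real runtimes use pivot_root and drop capabilities), and a failure of the cgroup step means the process count is simply unlimited.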