Containers from Scratch
- Containers are just namespaces + chroots + cgroups, no virtualization
- Namespaces and chroots use syscalls, cgroups use a virtual fs like /proc, typically in /sys/fs/cgroup
- Need to both set up a pid namespace and mount /proc inside the “container” to get ps to work correctly
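The last point, as an added example that is not part of the original notes: it creates new PID and mount namespaces, mounts a fresh /proc, and returns the PIDs that ps would see there. It assumes Linux and root (CAP_SYS_ADMIN); the names `visible_pids`, `_init` and `_check` and the optional `rootfs` argument are hypothetical.

```python
import ctypes
import os
# Constants from <sched.h> and <sys/mount.h>.
CLONE_NEWNS = 0x00020000    # new mount namespace
CLONE_NEWPID = 0x20000000   # new PID namespace
MS_REC, MS_PRIVATE = 0x4000, 0x40000
libc = ctypes.CDLL(None, use_errno=True)

def _check(ret):
    """Turn a non-zero return from a libc call into OSError."""
    if ret != 0:
        err = ctypes.get_errno()
        raise OSError(err, os.strerror(err))

def _init(rootfs):
    """Runs as PID 1 of the new namespace; returns the PIDs its /proc lists."""
    # Stop our mounts from propagating back into the host mount namespace.
    flags = ctypes.c_ulong(MS_REC | MS_PRIVATE)
    _check(libc.mount(b"none", b"/", None, flags, None))
    if rootfs:                       # optional: rootfs must contain /proc
        os.chroot(rootfs)
        os.chdir("/")
    # A fresh procfs shows the PID namespace of the process that mounts it.
    _check(libc.mount(b"proc", b"/proc", b"proc", ctypes.c_ulong(0), None))
    return sorted(int(d) for d in os.listdir("/proc") if d.isdigit())

def visible_pids(rootfs=None):
    """PIDs seen through an isolated /proc, or None if setup was refused."""
    r, w = os.pipe()
    helper = os.fork()
    if helper == 0:
        try:
            os.close(r)
            # unshare does not move the caller; only its children are moved.
            _check(libc.unshare(CLONE_NEWPID | CLONE_NEWNS))
            init = os.fork()         # first child after unshare becomes PID 1
            if init == 0:
                os.write(w, " ".join(map(str, _init(rootfs))).encode())
            else:
                os.waitpid(init, 0)
        finally:
            os._exit(0)              # never return into the caller's code
    os.close(w)
    with os.fdopen(r) as pipe:
        out = pipe.read()
    os.waitpid(helper, 0)
    return [int(p) for p in out.split()] or None
```

Called as root, `visible_pids()` returns `[1]`, whereas the host's /proc lists every process on the machine; without the needed privilege it returns `None`.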