Docker under the Hood — 3. Userspace, Kernel, Syscalls, Permissions, setuid, setgid, and Capabilities
Published Jun 8, 2020
This article is part of my “Docker under the Hood” series. For your convenience, here’s the list of the previous articles in this series:
- 0. Naming, Components, and Runtime
- 1. Diving into the Image
- 2. Container from Scratch, and Image Storage
A container is just a Process
You might think: what do Linux permissions and capabilities have to do with Docker?
Truth is, every container is, in fact, just a running process, as we shall prove now.
You can download the needed Vagrantfile from this GitHub repo so that you can run all the experiments mentioned in this series of articles yourself.