Florence, Italy

Docker under the Hood — 3. Userspace, Kernel, Syscalls, Permissions, setuid, setgid, and Capabilities

Tiexin Guo
Published in DevOps Dudes
9 min read · Jun 8, 2020


This article is part of my “Docker under the Hood” series. For your convenience, here’s the list of my previous articles in this series:

A container is just a Process

Photo by Thais Morais on Unsplash

You might think: what do Linux permissions and capabilities have to do with Docker?

Truth is, every container is, in fact, just a running process, as we shall prove now.

You can download the needed Vagrant file from this GitHub repo so that you can do all the experiments mentioned in this series of articles yourself.
