Containers but not Docker

Short Tech Stories
Nov 21, 2016 · 3 min read

I’m not docker’s biggest fan , but i do see its benefits , although i think somehow it has managed to sort of hide what docker really is and what it really does, but this post isn’t about docker , but about namespaces.

Docker/lxc use a kernel feature that , in simplest terms , allows a process to have isolation a multiple levels (pids / fs / hostnames / etc)

So the question is , if docker/lxc is a process , how much different is it from a normal process , let’s say a clone() of “ls”

the following is a normal ls

We all know the fork() syscall is actually clone , clone copies some parts of the parent process memory to the children etc etc .

This is a clone example for executing an containerized “ls”:

There are pretty much the same , but not quite , there’s some extra arguments , arguments that provide that isolation:

Let’s pick CLONE_NEWPID for example (man 7 namespaces)

Man says “ PID namespaces isolate the process ID number space, meaning that processes in different PID namespaces can have the same PID. PID namespaces allow containers to provide functionality such as suspending/resuming the set of processes in the container and migrating the container to a new host while the processes inside the container maintain the same PIDs.”

So that makes sense , i guess it also helps to keep the number of pids quite low , as if you have a massive host running plenty of containers and plenty of apps pids would go quite high , we verify this by doing:

Somehow I got ps on pid 2 , pretty neat .

So there’s a lot of namespaces arguments you can pass to clone , clone takes a function as an argument (amongst others) you can “containerize” pretty much everything.

there child_main() is just a random C function .

I hope that explains the internals of namespaces a bit , there’s a missing part which is linking namespaces with cgroups. Maybe for another article.


Hacker Noon is how hackers start their afternoons. We’re a part of the @AMI family. We are now accepting submissions and happy to discuss advertising & sponsorship opportunities.

If you enjoyed this story, we recommend reading our latest tech stories and trending tech stories. Until next time, don’t take the realities of the world for granted!

how hackers start their afternoons.

Short Tech Stories

Written by

Jeronimo (Jerry) Garcia @e , , looking for new opportunities contact me !

how hackers start their afternoons.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade