By @moein7tl
What is Docker?
The Challenge

Cargo Transport Pre-1960

Matrix from Hell
Solution: Container

Docker VS VMs
LXC (Linux Containers)

  1. OS Level Virtualization
  2. User Space
  3. Two Linux Features
  • Namespaces
  • CGroups
  • Chroot
Kernel Namespaces

CGroups - Control Groups
Cgroups (abbreviated from control groups) is a Linux kernel feature that limits, accounts for and isolates the resource usage (CPU, memory, disk I/O, network, etc.) of a collection of processes.
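
Added example, not part of the original slides: a small Python audit helper that shows how the kernel exposes both mechanisms per process, by parsing the `/proc/<pid>/cgroup` format and comparing namespace ids as found under `/proc/<pid>/ns`. The function names are hypothetical, and the cgroup path and inode numbers are constructed sample values.

```python
import os

def parse_cgroup(text):
    """Parse /proc/<pid>/cgroup lines of the form 'hierarchy-ID:controllers:path'."""
    membership = {}
    for line in text.strip().splitlines():
        _hier_id, controllers, path = line.split(":", 2)
        # cgroup v2 uses hierarchy ID 0 with an empty controller field.
        for name in (controllers.split(",") if controllers else ["unified"]):
            membership[name] = path
    return membership

def unconfined(membership):
    """Controllers for which the process sits in the root cgroup '/'.
    Read the file from the host: inside a cgroup namespace paths are relative."""
    return sorted(c for c, path in membership.items() if path == "/")

def namespace_diff(ns_a, ns_b):
    """Return (shared, isolated) namespace types by comparing their inode ids."""
    shared = sorted(t for t in ns_a if ns_a[t] == ns_b.get(t))
    isolated = sorted(t for t in ns_a if ns_a[t] != ns_b.get(t))
    return shared, isolated

def read_namespaces(pid="self"):
    """Live lookup on Linux: {'pid': 'pid:[4026531836]', ...} from /proc/<pid>/ns."""
    base = f"/proc/{pid}/ns"
    return {name: os.readlink(os.path.join(base, name)) for name in os.listdir(base)}

# Constructed sample data (cgroup v1 layout, made-up path and inode numbers).
CONTAINER_CGROUP = """\
3:memory:/docker/example
2:cpu,cpuacct:/docker/example
1:pids:/
"""
HOST_NS = {"mnt": "mnt:[4026531840]", "net": "net:[4026531992]",
           "pid": "pid:[4026531836]", "user": "user:[4026531837]"}
CONTAINER_NS = {"mnt": "mnt:[4026532199]", "net": "net:[4026532204]",
                "pid": "pid:[4026532201]", "user": "user:[4026531837]"}

if __name__ == "__main__":
    groups = parse_cgroup(CONTAINER_CGROUP)
    print("cgroup membership:", groups)
    print("in root cgroup for:", unconfined(groups))
    shared, isolated = namespace_diff(HOST_NS, CONTAINER_NS)
    print("shared with host:", shared, "| isolated:", isolated)
```

On a Linux host, `namespace_diff(read_namespaces(1), read_namespaces(pid))` runs the same comparison against live processes, given permission to read both `/proc` entries.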

Chroot - Change Root
A chroot on Unix operating systems is an operation that changes the apparent root directory for the current running process and its children. A program that is run in such a modified environment cannot name (and therefore normally not access) files outside the designated directory tree.

AUFS - Another UnionFS
Complete rewrite of the earlier UnionFS
  • Union Mount - branch
  • Copy on write
  • Dynamic branch manipulation, add, del
  • ...
  • Filesystem isolation
  • Resource isolation
  • Network isolation
  • Copy-on-write - Just Docker
Sharing Kernel:
Docker Images:
Docker Layers:
Docker Tree:

