Linux Containers are an operating-system-level virtualization technology that jails processes in a particular directory for security and better utilization of your Linux server. This post explains the internal working concepts of Linux containers, such as namespaces and control groups (cgroups), and more.
Namespaces and control groups (cgroups) are responsible for the magic behind Linux containers. Support for namespaces first appeared in the 2.4.19 kernel (mount point/file system isolation), but there are now six different types of namespace abstractions in contemporary mainline kernels. From the kernel's perspective, a container is just another process with its own set of resources: file descriptors, process address space and processor state. For instance, a containerized nginx web server exposes external PIDs for its master and worker processes:
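An added example (not from the original post) of how a containerized process looks from the host: it parses the `NSpid` line of `/proc/<pid>/status` and compares `/proc/<pid>/ns/*` link targets to see which namespaces are isolated. The PIDs, namespace inode numbers and function names are constructed for illustration.

```python
import os
import re

# Constructed sample: /proc/<pid>/status excerpts for a containerized nginx,
# read from the host. NSpid lists the PID in each nested PID namespace,
# outermost (host) first.
MASTER_STATUS = "Name:\tnginx\nPid:\t4242\nPPid:\t4220\nNSpid:\t4242\t1\n"
WORKER_STATUS = "Name:\tnginx\nPid:\t4275\nPPid:\t4242\nNSpid:\t4275\t7\n"

# Constructed sample: readlink targets of /proc/<pid>/ns/* for host PID 1
# and for the nginx master (user namespace shared with the host).
HOST_NS = {"mnt": "mnt:[4026531840]", "pid": "pid:[4026531836]",
           "net": "net:[4026531992]", "uts": "uts:[4026531838]",
           "ipc": "ipc:[4026531839]", "user": "user:[4026531837]"}
NGINX_NS = {"mnt": "mnt:[4026532281]", "pid": "pid:[4026532284]",
            "net": "net:[4026532287]", "uts": "uts:[4026532282]",
            "ipc": "ipc:[4026532283]", "user": "user:[4026531837]"}

def parse_nspid(status_text):
    """Return the process's PIDs, outermost namespace first."""
    for line in status_text.splitlines():
        if line.startswith("NSpid:"):
            return [int(p) for p in line.split()[1:]]
    return []  # kernels before 4.1 do not expose NSpid

def ns_inode(link):
    """Extract the namespace inode from a link target such as 'pid:[123]'."""
    m = re.fullmatch(r"\w+:\[(\d+)\]", link)
    if m is None:
        raise ValueError(f"unexpected namespace link: {link!r}")
    return int(m.group(1))

def isolated_namespaces(reference, target):
    """Namespace types whose inode differs between two processes."""
    return sorted(ns for ns in reference
                  if ns in target and ns_inode(reference[ns]) != ns_inode(target[ns]))

def read_ns_links(pid):
    """Live variant: read the namespace links of a running process."""
    base = f"/proc/{pid}/ns"
    return {name: os.readlink(os.path.join(base, name)) for name in os.listdir(base)}

if __name__ == "__main__":
    for label, status in (("master", MASTER_STATUS), ("worker", WORKER_STATUS)):
        host_pid, *inner = parse_nspid(status)
        print(f"nginx {label}: host PID {host_pid}, container PID {inner[-1]}")
    print("isolated from host:", isolated_namespaces(HOST_NS, NGINX_NS))
```

A namespace type missing from the result, here `user`, is one the process still shares with the host.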