Home  >  Article  >  Operation and Maintenance  >  What does chroot do in docker?

What does chroot do in docker?

WBOY
WBOYOriginal
2022-02-07 11:13:383220browse

In docker, chroot is an operation in Unix and Linux systems. For the running software process and its sub-processes, changing its explicit root directory can change the root directory of a process, so that This program cannot access other directories outside the directory.

What does chroot do in docker?

The operating environment of this tutorial: linux7.3 system, docker-1.13.1 version, Dell G3 computer.

What does chroot do in docker

chroot

Container technology has emerged since the first advent of chroot in 1979.

Wikipedia defines chroot as follows:

is an operation in Unix and Linux systems to change the apparent root directory of a running software process and its child processes. A program running in this environment and setting the root directory through chroot cannot access files outside the specified root directory, cannot read them, and cannot change its contents.

In layman's terms, chroot can change the root directory of a process so that the program cannot access other directories outside the directory. This is very similar to what we do in a container. Below we use an example to demonstrate chroot.

chroot example description:

1), mkdir rootfs

#Create a directory named: rootfs in the current directory

2), cd rootfs

#Enter the directory name: rootfs directory

3), docker export $(docker create docker101tutorial) -o docker101tutorial.tar

#Name the container: The file system of docker101tutorial is exported to docker101tutorial.tar as a docker101tutorial.tar archive file and saved

#It can also be simply understood as creating some directories and placing some binary files under rootfs

4), tar -xf docker101tutorial.tar

#Extract the contents of the docker101tutorial.tar file

5), ls

#View the file contents in the current rootfs directory

6), chroot /Users/xiaoqin.wu/rootfs /bin/sh

#Start a sh process, and use /Users/xiaoqin.wu/rootfs as the root directory of the sh process

What does chroot do in docker?

What does chroot do in docker?

Compare the result of command 5 in the above picture: ls to view the file contents in the /Users/xiaoqin.wu/rootfs directory and the result of using it in the sh process Command 7: The results of ls checking the current process are consistent. At this point, it means that the current process and the host are isolated using chroot. A directory isolation container is completed, but it cannot be called a container yet.

The reasons are as follows:

Use command 8: netstat -nr to view routing information

What does chroot do in docker?

It is found from the results that the network information is not isolated. In fact, process and other information are not isolated at this time. To implement a complete container, three other Linux technologies are needed to achieve it, namely:

Namespace

Cgroup

United File System

Recommended learning: "docker video tutorial"

The above is the detailed content of What does chroot do in docker?. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn