Home > Article > Operation and Maintenance > What does docker process isolation mean?
What does docker process isolation mean?
- WBOYOriginal
- 2022-06-22 16:04:232826browse
In docker, process isolation means running each container in its own process environment; Docker mainly uses the Linux kernel technology Namespace to achieve isolation. The "Linux Namespaces" mechanism provides a Resource isolation scheme.
The operating environment of this tutorial: linux7.3 system, docker version 19.03, Dell G3 computer.
What does docker process isolation mean
Process isolation: Each container runs in its own process environment
Isolation principle
Docker mainly relies on the Linux kernel technology Namespace to achieve isolation. The Linux Namespaces mechanism provides a resource isolation solution. System resources such as PID, IPC, and Network are no longer global, but belong to a specific Namespace.
The resources under each namespace are transparent and invisible to the resources under other namespaces. Therefore, at the operating system level, there will be multiple processes with the same pid. There can be two processes with process numbers 0, 1, and 2 in the system at the same time. Since they belong to different namespaces, there is no conflict between them. At the user level, only resources belonging to the user's own namespace can be seen. For example, using the ps command can only list processes under the user's own namespace. This way each namespace looks like a separate Linux system.
Process Isolation
Start a container
docker run -it -p 8080:8080 --name pai-sn pai-sn:snapshot /bin/bash
-it interactive startup, -p port mapping, –name The container name is followed by the image name, open the shell, and enter the container after startup
View the process
ps -ef
Use the top command to view the process resources
Check the process of the currently executing container on the host machine ps -ef|grep pai-sn
From this, we can know that the docker run command starts only one process, and its pid is 4677 . As for the container program itself, it is isolated, and only its own internal processes can be seen inside the container. Docker is implemented with the help of the Namespace technology of the Linux kernel.
Recommended learning: "docker video tutorial"
The above is the detailed content of What does docker process isolation mean?. For more information, please follow other related articles on the PHP Chinese website!