Docker containers achieve isolation through the Linux kernel technology Namespace; the "Linux Namespaces" mechanism provides a resource isolation solution. The resources under each namespace are transparent and invisible to the resources under other namespaces. Therefore, at the operating system level, there will be multiple processes with the same pid.
The operating environment of this tutorial: linux7.3 system, docker version 19.03, Dell G3 computer.
What is the isolation of docker containers?
Docker mainly relies on the Linux kernel technology Namespace to achieve isolation. The Linux Namespaces mechanism provides a resource isolation solution.
PID, IPC, Network and other system resources are no longer global, but belong to a specific Namespace. Resources under each namespace are transparent and invisible to resources under other namespaces. Therefore, at the operating system level, there will be multiple processes with the same pid. There can be two processes with process numbers 0, 1, and 2 in the system at the same time. Since they belong to different namespaces, there is no conflict between them. At the user level, only resources belonging to the user's own namespace can be seen. For example, using the ps command can only list processes under the user's own namespace. This way each namespace looks like a separate Linux system.
The example is as follows: Process isolation
Start a container
docker run -it -p 8080:8080 --name pai-sn pai-sn:snapshot /bin/bash
-it Interactive startup, -p port mapping, –name The container name is followed by the image name, open the shell, and enter the container after startup
View process
ps -ef
Use the top command to view process resources
View the process currently executing the container on the host machine ps -ef|grep pai-sn
From this, we can know that the docker run command starts only one process, and its pid is 4677. As for the container program itself, it is isolated, and only its own internal processes can be seen inside the container. Docker is implemented with the help of the Namespace technology of the Linux kernel.
File isolation
Execute the ls command in the root directory inside the container
Inside the container These folders have been included
The host executes docker info to see what file system our Docker uses
The Docker version is 20.10 .6. The storage driver is overlay2. Different storage drivers behave differently in Docker, but the principles are similar.
The Docker file system is mounted through mount. Execute docker ps command instance id
Execute docker inspect container_id | grep Mounts -A 20 to find Mount the directory on the host machine, check the directory list
and find that this is consistent with the directory of our container, we create a new directory in this directory, and then look See if a new directory will appear inside the container. In fact, file isolation and resource isolation are all done by mounting in the new namespace.
Recommended learning: "docker video tutorial"
The above is the detailed content of What is the isolation of docker containers by?. For more information, please follow other related articles on the PHP Chinese website!
Docker vs. Kubernetes: Use Cases and ScenariosApr 23, 2025 am 12:11 AMSelect Docker in a small project or development environment, and Kubernetes in a large project or production environment. 1.Docker is suitable for rapid iteration and testing, 2. Kubernetes provides powerful container orchestration capabilities, suitable for managing and expanding large applications.
Docker on Linux: Containerization for Linux SystemsApr 22, 2025 am 12:03 AMDocker is important on Linux because Linux is its native platform that provides rich tools and community support. 1. Install Docker: Use sudoapt-getupdate and sudoapt-getinstalldocker-cedocker-ce-clicotainerd.io. 2. Create and manage containers: Use dockerrun commands, such as dockerrun-d--namemynginx-p80:80nginx. 3. Write Dockerfile: Optimize the image size and use multi-stage construction. 4. Optimization and debugging: Use dockerlogs and dockerex
Docker: The Containerization Tool, Kubernetes: The OrchestratorApr 21, 2025 am 12:01 AMDocker is a containerization tool, and Kubernetes is a container orchestration tool. 1. Docker packages applications and their dependencies into containers that can run in any Docker-enabled environment. 2. Kubernetes manages these containers, implementing automated deployment, scaling and management, and making applications run efficiently.
Docker's Purpose: Simplifying Application DeploymentApr 20, 2025 am 12:09 AMThe purpose of Docker is to simplify application deployment and ensure that applications run consistently in different environments through containerization technology. 1) Docker solves the environmental differences problem by packaging applications and dependencies into containers. 2) Create images using Dockerfile to ensure that the application runs consistently anywhere. 3) Docker's working principle is based on images and containers, and uses the namespace and control groups of the Linux kernel to achieve isolation and resource management. 4) The basic usage includes pulling and running images from DockerHub, and the advanced usage involves managing multi-container applications using DockerCompose. 5) Common errors such as image building failure and container failure to start, you can debug through logs and network configuration. 6) Performance optimization construction
Linux and Docker: Docker on Different Linux DistributionsApr 19, 2025 am 12:10 AMThe methods of installing and using Docker on Ubuntu, CentOS, and Debian are different. 1) Ubuntu: Use the apt package manager, the command is sudoapt-getupdate&&sudoapt-getinstalldocker.io. 2) CentOS: Use the yum package manager and you need to add the Docker repository. The command is sudoyumininstall-yyum-utils&&sudoyum-config-manager--add-repohttps://download.docker.com/lin
Mastering Docker: A Guide for Linux UsersApr 18, 2025 am 12:08 AMUsing Docker on Linux can improve development efficiency and simplify application deployment. 1) Pull Ubuntu image: dockerpullubuntu. 2) Run Ubuntu container: dockerrun-itubuntu/bin/bash. 3) Create Dockerfile containing nginx: FROMubuntu;RUNapt-getupdate&&apt-getinstall-ynginx;EXPOSE80. 4) Build the image: dockerbuild-tmy-nginx. 5) Run container: dockerrun-d-p8080:80
Docker on Linux: Applications and Use CasesApr 17, 2025 am 12:10 AMDocker simplifies application deployment and management on Linux. 1) Docker is a containerized platform that packages applications and their dependencies into lightweight and portable containers. 2) On Linux, Docker uses cgroups and namespaces to implement container isolation and resource management. 3) Basic usages include pulling images and running containers. Advanced usages such as DockerCompose can define multi-container applications. 4) Debug commonly used dockerlogs and dockerexec commands. 5) Performance optimization can reduce the image size through multi-stage construction, and keeping the Dockerfile simple is the best practice.
Docker: Containerizing Applications for Portability and ScalabilityApr 16, 2025 am 12:09 AMDocker is a Linux container technology-based tool used to package, distribute and run applications to improve application portability and scalability. 1) Dockerbuild and dockerrun commands can be used to build and run Docker containers. 2) DockerCompose is used to define and run multi-container Docker applications to simplify microservice management. 3) Using multi-stage construction can optimize the image size and improve the application startup speed. 4) Viewing container logs is an effective way to debug container problems.
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Safe Exam Browser
Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.
Atom editor mac version download
The most popular open source editor
EditPlus Chinese cracked version
Small size, syntax highlighting, does not support code prompt function
SecLists
SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.
