I'm trying to learn the basics about containers (Docker in this case). As far as I learn from the Docker doc and several readings, Docker basically provides isolation by running the container using runc (previously using LXC). Either ways it uses the same kernel as the host machine. Thus, the container image needs to be compatible with the host kernel. I find this very similar to what a chroot does. Could somebody explain to me any differences and/or advantages on using Docker rather than chroot? (besides the extras provided by Docker as packaging, docker-hub, and all the nice features provided by Docker)
It's an open source project and provides the same basic functionality the Docker engine does but without root privileges. It works by creating a chroot -like environment over the extracted container and uses various implementation strategies to mimic chroot execution with just user-level privileges.
It's a Linux command that allows you to set the root directory of a new process. In our container use case, we just set the root directory to be where-ever the new container's new root directory should be.
A chroot (short for change root) is a Unix operation that changes the apparent root directory to the one specified by the user. Any process you run after a chroot operation only has access to the newly defined root directory and its subdirectories.
Docker allows to isolate a process at multiple levels through namespaces:
All of this adds more isolation than chroot provides
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With