Chroot vs Docker

I'm trying to learn the basics about containers (Docker in this case). As far as I have learned from the Docker docs and several readings, Docker basically provides isolation by running the container using runc (previously using LXC). Either way, it uses the same kernel as the host machine. Thus, the container image needs to be compatible with the host kernel. I find this very similar to what a chroot does. Could somebody explain to me any differences and/or advantages of using Docker rather than chroot? (besides the extras provided by Docker such as packaging, Docker Hub, and all the nice features provided by Docker)

541 likes
rkachach asked Sep 27 '17 14:09


People also ask

Is Docker similar to chroot?

It's an open source project and provides the same basic functionality the Docker engine does but without root privileges. It works by creating a chroot-like environment over the extracted container and uses various implementation strategies to mimic chroot execution with just user-level privileges.

What is chroot container?

It's a Linux command that allows you to set the root directory of a new process. In our container use case, we just set the root directory to be wherever the new container's new root directory should be.

What does chroot do in Linux?

A chroot (short for change root) is a Unix operation that changes the apparent root directory to the one specified by the user. Any process you run after a chroot operation only has access to the newly defined root directory and its subdirectories.


1 Answer

Docker allows isolating a process at multiple levels through namespaces:

  • mnt namespace provides a root filesystem (this one can be compared to chroot I guess)
  • pid namespace so the process only sees itself and its children
  • network namespace which allows the container to have its dedicated network stack
  • user namespace (quite new) which allows a non-root user on a host to be mapped to the root user within the container
  • uts provides a dedicated hostname
  • ipc provides dedicated shared memory

All of this adds more isolation than chroot provides.

59 likes
Luc answered Sep 22 '22 08:09
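The practical difference the answer describes can be observed from inside a process: a chroot changes only the root directory, so the process still shares every namespace with PID 1, while a Docker container gets its own mnt, pid, net, uts and ipc namespaces (and a user namespace when remapping is enabled). The script below, an added example that is not part of the original question or answer, reads the namespace links under `/proc/<pid>/ns/` and reports which namespace types a process does not share with PID 1. The `NAMESPACES` tuple, the helper names and the constructed sample inode values are assumptions made for this example; the `/proc/<pid>/ns/<type>` links themselves are a standard Linux interface.

```python
"""Which Linux namespaces does a process share with PID 1?

Reading /proc/<pid>/ns/<type> returns a string such as 'mnt:[4026531840]'.
Two processes are in the same namespace of a given type when the strings
match. A chroot-only process matches PID 1 in every type; a Docker
container normally differs in mnt, pid, net, uts and ipc.
"""
import os
from pathlib import Path

# Namespace types listed in the answer, plus cgroup (present on modern kernels).
# Assumed ordering/selection for this example.
NAMESPACES = ("mnt", "pid", "net", "user", "uts", "ipc", "cgroup")


def read_namespaces(pid="self"):
    """Return {ns_type: link target} for /proc/<pid>/ns/*.

    Types missing on older kernels are skipped. A PermissionError (no ptrace
    access to the target pid, e.g. reading PID 1 as an unprivileged user)
    is recorded as None so callers can tell 'unknown' apart from 'same'.
    """
    result = {}
    for ns in NAMESPACES:
        link = Path("/proc") / str(pid) / "ns" / ns
        try:
            result[ns] = os.readlink(link)
        except FileNotFoundError:
            continue
        except PermissionError:
            result[ns] = None
    return result


def isolated_namespaces(proc_ns, ref_ns):
    """Return the set of namespace types in which proc_ns differs from ref_ns.

    Types that are unknown (None) or absent on either side are not counted,
    so the result never claims isolation that could not be verified.
    """
    return {
        ns
        for ns in NAMESPACES
        if proc_ns.get(ns) is not None
        and ref_ns.get(ns) is not None
        and proc_ns[ns] != ref_ns[ns]
    }


def describe(isolated):
    """One-line interpretation of an isolated_namespaces() result."""
    if not isolated:
        return "shares all namespaces with PID 1: plain process or chroot"
    return "isolated in: " + ", ".join(sorted(isolated))


# Constructed sample data (inode numbers invented for this example).
HOST_NS = {ns: f"{ns}:[40265318{i:02d}]" for i, ns in enumerate(NAMESPACES)}
# chroot only changes the root directory; every namespace link is unchanged.
CHROOT_NS = dict(HOST_NS)
# A typical Docker container without user-namespace remapping.
CONTAINER_NS = dict(HOST_NS)
for i, ns in enumerate(("mnt", "pid", "net", "uts", "ipc")):
    CONTAINER_NS[ns] = f"{ns}:[40265324{i:02d}]"


if __name__ == "__main__":
    # Live check of the current process against PID 1.
    live = isolated_namespaces(read_namespaces("self"), read_namespaces(1))
    print("this process:", describe(live))
    print("constructed chroot sample:", describe(isolated_namespaces(CHROOT_NS, HOST_NS)))
    print("constructed container sample:", describe(isolated_namespaces(CONTAINER_NS, HOST_NS)))
```

Run it on the host and then inside a container (or inside a `chroot`) to see the difference the answer describes: the chrooted process reports no isolated namespaces, while the container reports mnt, pid, net, uts and ipc. Because reading PID 1's links needs ptrace access, the live check may show fewer isolated types when run as an unprivileged user; the comparison deliberately treats those as unknown rather than as shared.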