containers-internals, an experiment from various youtube channels and blogs to understand how container technology works under the hood.
The trick :
chrootcommand. This changes the root of the file system and attaches the/to any child dir. Hence provides files system isolation.namespacesa legacy unix concept andunsharecommand helps to isolate processes and other system calls.cgroupsor control groups restricts the usage of the host system by the child process which is running the container.
- Execute command
git clone https://github.com/hclpandv/containers-internals.gitto download the files - Execute
cd containers-internals && sudo chmod u+xto get into the directory and ensure the setup-demo.sh file is executable. - Execute
./setup-demo.sh
- On host system :
unshare -p -f --mount-proc $PWD/fakeroot/proc chroot fakeroot /bin/sh