# Linux containers from scratch - diyC

Linux containers have existed for a while and are now a mainstream topic. This is an introduction to how they are created and what they are actually made of. If you want to see the code, head directly to the GitHub repo; otherwise read on about the topic you are interested in.

!!! note
    Any suggestions or comments are welcome; please don't hesitate to file an issue on GitHub.

## What is a Linux container

Containers in some form have existed for quite a while, even though we don't always think of them as containers.

A Linux container, to put it simply, is a usual Linux process (or group of processes) with a limited (altered) view of the system.

This is achieved by utilizing operating-system-level virtualization: the kernel isolates what the process can see (namespaces) and how much it may use (cgroups) rather than emulating a machine.

## Building containers from scratch

Following are the kernel features and other bits needed to build containers from scratch.

One topic which is not covered, although it should be, is capabilities(7) and privileges such as binding to low ports.

## What is diyC

It is a simple educational Linux container runtime. It is intentionally simple and leaves a lot of stuff out. It is a single C file of roughly 500 lines, including comments, showing the core Linux features used to build containers. It also includes the creation of a container from an image, to clarify how images and containers are related.

## nsexec

Part of the project is also an `nsexec` binary, which is a very simple program that executes a local (host) command in Linux namespaces. Run `nsexec --help` to see which namespaces are available. Usage is very simple: `sudo ./nsexec -pnu myhost bash` will start a new bash in new PID, network and UTS namespaces, with the hostname `myhost`.
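The invocation above, as an added example that is not diyC's own code: a minimal nsexec-style launcher that maps the `p`/`n`/`u` letters to clone(2) namespace flags, sets the hostname inside the new UTS namespace, and execs the command. The function names `ns_flags_from_letters` and `run_in_namespaces` are assumed here; creating namespaces needs CAP_SYS_ADMIN, so the spawn only succeeds when run as root.

```c
/* Added example, not part of diyC. Builds with: cc -o mini_nsexec mini_nsexec.c */
#define _GNU_SOURCE
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Map the letter flags used on the command line to clone(2) namespace flags:
 * p = PID, n = network, u = UTS. Returns -1 on an unknown letter, 0 for "". */
static int ns_flags_from_letters(const char *letters) {
    int flags = 0;
    for (; *letters; letters++) {
        switch (*letters) {
        case 'p': flags |= CLONE_NEWPID; break;
        case 'n': flags |= CLONE_NEWNET; break;
        case 'u': flags |= CLONE_NEWUTS; break;
        default:  return -1;
        }
    }
    return flags;
}

struct child_args { const char *hostname; char *const *argv; int flags; };

/* Runs inside the new namespaces: the hostname change is only visible there
 * because the child owns a fresh UTS namespace. */
static int child_main(void *arg) {
    struct child_args *a = arg;
    if ((a->flags & CLONE_NEWUTS) && sethostname(a->hostname, strlen(a->hostname)) != 0)
        perror("sethostname");
    execvp(a->argv[0], a->argv);
    perror("execvp");
    return 127;
}

/* Clone a child into the requested namespaces and wait for it. Returns the
 * child's exit status, or -1 if clone(2) failed (e.g. not running as root). */
static int run_in_namespaces(int flags, const char *hostname, char *const argv[]) {
    static char stack[1024 * 1024];          /* stack grows down: pass its top */
    struct child_args a = { hostname, argv, flags };
    pid_t pid = clone(child_main, stack + sizeof stack, flags | SIGCHLD, &a);
    if (pid < 0) { perror("clone"); return -1; }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(int argc, char **argv) {
    if (argc < 4) { fprintf(stderr, "usage: %s <pnu> <hostname> <cmd> [args]\n", argv[0]); return 2; }
    int flags = ns_flags_from_letters(argv[1]);
    if (flags < 0) { fprintf(stderr, "unknown namespace letter in %s\n", argv[1]); return 2; }
    return run_in_namespaces(flags, argv[2], &argv[3]);
}
```

Inside the child, `hostname` prints the new name and `ps` shows PID 1 only once /proc is remounted, which this example leaves out.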