Linux Kernel Virtualization Features
Linux containers are implemented using certain kernel virtualization features.
pivot_root
Sets a process's root directory to a directory holding the contents of a container image.
cgroups
Used to limit CPU usage and memory for a group of Linux processes.
namespaces
Namespaces allow Linux processes to have their own network, hostname, identification, users and more.
seccomp-bpf
A security filter that provides a means for a Linux process to filter incoming system calls and block dangerous ones.
capabilities
A security mechanism to avoid granting root access to processes.
overlay filesystems
An optimization technique that minimizes the disk space used by containers running on the same image.
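To check how two of these features (seccomp-bpf and capabilities) are applied to a running process, the kernel exposes them in /proc/<pid>/status. The script below is an added example, not code from the original post: it decodes the effective capability mask and the seccomp mode and flags weak settings. The sample status text is constructed, and the RISKY set and the findings wording are assumptions chosen for illustration.

```python
import os

# Bit positions follow the CAP_* numbering in linux/capability.h (CAP_CHOWN = 0).
CAP_NAMES = (
    "CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID "
    "SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW "
    "IPC_LOCK IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT "
    "SYS_ADMIN SYS_BOOT SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD "
    "LEASE AUDIT_WRITE AUDIT_CONTROL SETFCAP MAC_OVERRIDE MAC_ADMIN SYSLOG "
    "WAKE_ALARM BLOCK_SUSPEND AUDIT_READ PERFMON BPF CHECKPOINT_RESTORE"
).split()
SECCOMP_MODES = {"0": "disabled", "1": "strict", "2": "filter"}
# Assumed audit policy (not from the page): capabilities worth flagging.
RISKY = {"SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE", "SYS_RAWIO", "NET_ADMIN"}

# Constructed sample of /proc/<pid>/status for a containerized process.
SAMPLE_STATUS = """\
Name:\tsleep
Uid:\t0\t0\t0\t0
CapEff:\t00000000a80425fb
NoNewPrivs:\t0
Seccomp:\t2
"""

def decode_caps(mask):
    """Turn a capability bitmask into a list of capability names."""
    return [CAP_NAMES[b] if b < len(CAP_NAMES) else f"UNKNOWN_{b}"
            for b in range(64) if mask >> b & 1]

def audit_status(text):
    """Report seccomp mode, effective capabilities and policy findings."""
    fields = {k: v.strip() for k, _, v in
              (line.partition(":") for line in text.splitlines())}
    caps = decode_caps(int(fields["CapEff"], 16))
    seccomp = SECCOMP_MODES.get(fields.get("Seccomp"), "unknown")
    findings = [f"risky capability CAP_{c}" for c in caps if c in RISKY]
    if seccomp in ("disabled", "unknown"):
        findings.append(f"seccomp mode is {seccomp}")
    if fields.get("NoNewPrivs") != "1":
        findings.append("no_new_privs is not set")
    return {"seccomp": seccomp, "caps": caps, "findings": findings}

if __name__ == "__main__":
    path = "/proc/self/status"
    text = open(path).read() if os.path.exists(path) else SAMPLE_STATUS
    for key, value in audit_status(text).items():
        print(key, value)
```

Run inside a container, it reads its own /proc/self/status; elsewhere it falls back to the constructed sample.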
This is a follow-up to my experience with the Linux kernel; if you need an introduction, please check my original post where I go through containers.
If you need to take a decision between containers and virtual machines, please check this post where I compare both of these virtualization solutions.