Process container and namespace, rootfs

Others 2019-09-03 21:05:05 views: null

One: What is the container

The nature of the container is a special process .

There are two important concepts in linux container: Namespace and Cgroups.

Namespace is the role of isolation , so that the process can only see Namespace in the world;

Cgroups role is to limit , let the "world" surrounded by an invisible wall.

This realization of the process in the room we saw a secluded, this room is Pass project survival "sandbox."

 

Two: What is Namespace

After entering the container, the application process ps command to see the process container is No. 1, this is actually pid namespace cause, he is actually a cover-up,

Let you see is similar to a new virtual machine to the new environment, in fact, is not the same, a process container is running, and other processes in the vessel is pid for the child process 1.

In addition to just pid namespace, there are other namespace as follows:

 Container is how the new namespace?

 docker create a container, in fact, a fork system call linux,

During fork called, passing some of the flag argument, which can control the namespace to call the new linux kernel.

 

Three: rootfs

Mounted on the container root directory for the file system after execution environment to provide isolation for container process, the so-called "container mirror." It also has a more professional name, called: rootfs (root file system).

rootfs container consists of three parts, 1: Read-only layer 2: writable layer, 3: init layer

1. Read-only layer: are incrementally each including a part of the operating system.

2. can read and write: that is designed to store you generate incremental modified rootfs, either add, delete, change, have taken place here. And when we used after this container has been modified, it may also be used docker commit and push instructions, save that the modified layer can be read, and uploaded to the Docker Hub, for use by others; the same time, the original read-only layer in the content not notice any changes. This is the incremental rootfs benefits.

3.Init layers: an internal layer Docker items generated separately /etc/hosts,/etc/resolv.conf specifically used to store information.

 

Guess you like

Origin www.cnblogs.com/yaohong/p/11438033.html
Recommended
Ranking
java项目001.双色球游戏
How to load application.properties in Spring Boot multi-module project
Use vue3 to simulate Mac dock mouse hover animation
2020.04.06 UCF Local Programming Contest 2017
基本语法--流程控制语句
component 和components
Ai Yongliang: What should companies do if they encounter problems? Two steps to teach you to disassemble
[Vue] vue-i18n handover using English
Midjourney keyword sharing! Attached is the output AI painting reference map
"WAP" first assignment: team debut
Daily
More
2024-06-02(0)
2024-06-01(1)
2024-05-31(1)
2024-05-30(0)
2024-05-29(1)
2024-05-28(1)
2024-05-27(1)
2024-05-26(0)
2024-05-25(3)
2024-05-24(12)

Code World

© 2018 codetd.com