By generating a Docker container, are we lifting a virtual Linux machine in the background?

3

Is a container necessarily tied to a virtual machine, or is it independent?

3 answers

3

When talking about "Are we lifting a virtual Linux machine in the background?", if you are asking whether Docker creates a full virtual machine running its own Linux kernel and the application itself, the answer is no.

What really happens is that Docker uses some Linux kernel features, such as namespaces, to isolate the execution of a container from the rest of the system, but all containers run directly on the host kernel.

It is worth noting that this is true only on Linux-based systems; on Windows, for example, Docker actually raises a Linux virtual machine and runs all its containers on that same VM, separating the execution of each container using the same namespace strategy, etc.

These links can help you better understand the subject:

https://docs.docker.com/engine/docker-overview/#the-underlying-technology

https://devopscube.com/what-is-docker/

https://forums.docker.com/t/in-docker-for-windows-does-each-container-run-in-separate-vm/19192

2

The Linux kernel has been around for decades, and its isolation features consist of the kernel "lying" to the running process in various ways.

Container

In a container, the kernel tells the process that it is running alone. Only it and its subprocesses can see each other.

In a container, the kernel creates a virtual logical network and hands it to the process so that, from the process's point of view, this "network card" is its alone, and therefore the process can listen on absolutely any port on it.

In a container, the kernel lies to the process, saying that the root filesystem (rootfs) is a subpath of the file system.

These "lies" cause a process in the container to have the illusion that it is in a virtual machine.

But it’s just an illusion.

The kernel is shared among all the containers on that host, and the (containerized) processes are visible to any process that is not containerized.

These are kernel-level features; that is, besides being high-performance, they need little resource allocation to run.

Another curious point is that with this model, everything the operating system needs is present only once, on the host.

The container has only binaries (executables and libraries) and configurations, running together (side by side) with the other containers without knowing it.

The flexibility is that all isolation options have exception settings, where we share only what we want, when we want.

VM

In a VM, the subprocess uses kernel and processor features to create an all-virtual infrastructure.

This means that within the VM a new kernel will be required, and so on.
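The following is an added example, not code from either answer: it makes the "lies" described above observable by reading the namespace inodes the kernel exposes under /proc/<pid>/ns, comparing them between two processes, and checking whether the process's cgroup path looks like one a container runtime would create. It assumes the standard Linux /proc layout; the sample cgroup line is constructed for the demonstration.

```python
"""Added example (not from the original answers): inspect which Linux
namespaces this process shares with another one, and whether its cgroup
path names a container runtime. Assumes the standard /proc layout."""
import os
import platform
import re
from typing import Dict, Optional, Tuple

# Namespace types exposed as symlinks under /proc/<pid>/ns on Linux.
NS_TYPES = ("pid", "net", "mnt", "uts", "ipc", "user")

# Constructed sample of a /proc/self/cgroup line as a runtime might write it.
SAMPLE_CONTAINER_CGROUP = "0::/system.slice/docker-constructedid.scope\n"


def parse_ns_link(link: str) -> Tuple[str, int]:
    """Parse a /proc/<pid>/ns/<type> symlink target such as 'pid:[4026531836]'.

    The number is the inode identifying the namespace: two processes with the
    same inode for a type live in the same namespace of that type."""
    m = re.fullmatch(r"([a-z_]+):\[(\d+)\]", link)
    if not m:
        raise ValueError(f"unexpected namespace link format: {link!r}")
    return m.group(1), int(m.group(2))


def namespace_ids(pid: object) -> Dict[str, Optional[int]]:
    """Read the namespace inodes of a process ('self' or a numeric PID).

    None means the link could not be read: non-Linux host, or no ptrace
    access to the other process (reading its ns links requires it)."""
    ids: Dict[str, Optional[int]] = {}
    for ns in NS_TYPES:
        try:
            ids[ns] = parse_ns_link(os.readlink(f"/proc/{pid}/ns/{ns}"))[1]
        except (OSError, ValueError):
            ids[ns] = None
    return ids


def isolated_from(mine: Dict[str, Optional[int]],
                  theirs: Dict[str, Optional[int]]) -> Dict[str, bool]:
    """For each namespace type, True when the two processes are in different
    namespaces; False when they share one or when either side is unknown."""
    return {
        ns: mine.get(ns) is not None and theirs.get(ns) is not None and mine[ns] != theirs[ns]
        for ns in NS_TYPES
    }


def looks_like_container_cgroup(cgroup_text: str) -> bool:
    """True if any /proc/<pid>/cgroup line names a path used by common runtimes."""
    return any(
        re.search(r"/(docker|containerd|lxc|kubepods|libpod)[/-]", line)
        for line in cgroup_text.splitlines()
    )


def report(other_pid: object = 1) -> Dict[str, object]:
    """Compare this process with another PID and summarise what the kernel shows.

    On the host, pass the PID of a containerized process to see per-namespace
    isolation; the kernel release is the same on both sides because the kernel
    is shared, which is the point the answer above makes."""
    try:
        with open("/proc/self/cgroup") as f:
            cgroup_text = f.read()
    except OSError:
        cgroup_text = ""
    return {
        "kernel_release": platform.release(),
        "isolated_from_other": isolated_from(namespace_ids("self"), namespace_ids(other_pid)),
        "container_cgroup": looks_like_container_cgroup(cgroup_text),
    }


if __name__ == "__main__":
    r = report()
    print("kernel release seen by this process:", r["kernel_release"])
    for ns, flag in r["isolated_from_other"].items():
        print(f"  {ns:5s} namespace differs from PID 1: {flag}")
    print("cgroup path names a container runtime:", r["container_cgroup"])
```

Run it inside a container and on the host and the kernel release matches, because there is only one kernel. To see the per-namespace isolation from the host side, obtain the container's host PID with `docker inspect -f '{{.State.Pid}}' <container>` and pass it to `report()`; reading another process's ns links needs root or ptrace access to that process. Inside the container, PID 1 is the container's own entrypoint, so the comparison against PID 1 there shows shared namespaces, which is exactly the illusion the answer describes.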

0

Although the container has the structure and appearance of a VM, its purpose is to run only one process. If you need to run Nginx, for example, only that process will run inside the container. This way, you can test tools without installing them in the OS. Always keep in mind that the purpose of the container is the process.
