A container consists of an operating system, user-added files, and metadata. As we've seen, each container is built from an image. That image tells Docker what the container holds, what process to run when the container is launched, and a variety of other configuration data. The Docker image is read-only. When Docker runs a container from an image, it adds a read-write layer on top of the image (using a union file system, as we saw earlier) in which your application can then run.
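To make the layering above concrete, the following added example (not from the original page, and not Docker's implementation) models one read-only image shared by several containers, each with its own read-write layer, and reports per-container changes using the A/C/D labels that `docker diff` prints. The class, method names and sample files are constructed for illustration.

```python
from types import MappingProxyType

WHITEOUT = object()  # upper-layer marker: file deleted in this container
# Constructed sample image: a base OS layer and an application layer.
IMAGE = [{"/etc/passwd": "root:x:0:0", "/bin/sh": "ELF"}, {"/app/run.py": "v1"}]


class Container:
    """Toy union view: read-only image layers under one read-write layer."""

    def __init__(self, image_layers):
        # Image layers are read-only; the last one in the list is topmost.
        self.lower = [MappingProxyType(dict(layer)) for layer in image_layers]
        self.upper = {}  # this container's private read-write layer

    def _image_lookup(self, path):
        for layer in reversed(self.lower):
            if path in layer:
                return layer[path]
        return None

    def read(self, path):
        # The read-write layer wins; otherwise fall through to the image.
        entry = self.upper.get(path, self._image_lookup(path))
        if entry is None or entry is WHITEOUT:
            raise FileNotFoundError(path)
        return entry

    def write(self, path, data):
        self.upper[path] = data  # copy-on-write: the image is never modified

    def delete(self, path):
        self.read(path)  # raises FileNotFoundError if the file is not visible
        if self._image_lookup(path) is None:
            del self.upper[path]  # file existed only in the container layer
        else:
            self.upper[path] = WHITEOUT  # hide the image's copy

    def diff(self):
        """Changes relative to the image: A=added, C=changed, D=deleted."""
        changes = []
        for path in sorted(self.upper):
            if self.upper[path] is WHITEOUT:
                changes.append(("D", path))
            elif self._image_lookup(path) is not None:
                changes.append(("C", path))
            else:
                changes.append(("A", path))
        return changes
```

Because every change lands in the container's own layer, comparing that layer with the image shows exactly what a running container has altered, which is useful when checking a container for drift from its image.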
Containers:
A lightweight isolated user space within a running Linux OS
Containers share host OS kernel services
Implemented with Linux cgroups, saved as a file system
With Docker: The underlying operating system is abstracted away by the Docker runtime, a “very thin layer” that sandboxes the app and makes it portable. Without the Docker layer, an app would have to be written to deal with different operating systems, different hypervisors (software that enables virtualization), and different cloud platforms. You might assume that such a layer of abstraction would slow down an app’s performance, but Hykes claims it does not, in part because it uses capabilities that have existed in the Linux kernel for years. “Linux does the heavy lifting,” Hykes said.
ZDNet: Docker is riding the hype cycle as fast as I can recall ever seeing an enterprise technology go… It is hotter than hot because it makes it possible to get far more apps running on the same old servers and it also makes it very easy to package and ship programs.
Background: Docker 1.0 was released in June 2014, and includes the free Docker Engine (its container standard) and Docker Hub (a repository for 3rd-party services for distributed apps). Docker is open-source.