Meetup - Red Hat - Techtalks Copenhagen
What are containers, how do they work, and some details about RHEL Atomic
http://www.meetup.com/Red-Hat-Tech-Talks-DK/
3. Namespaces
A namespace wraps a particular global system resource in an abstraction that tells the processes within the namespace that they have their own isolated instance of the global resource.
4. Namespaces
Mount - CLONE_NEWNS, Linux 2.4.19
IPC - CLONE_NEWIPC, Linux 2.6.19
PID - CLONE_NEWPID, Linux 2.6.24
UTS - CLONE_NEWUTS, Linux 2.6.19
Network - CLONE_NEWNET, started in Linux 2.6.24
User - CLONE_NEWUSER, started in Linux 2.6.23
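To check which of these namespaces a process actually has to itself, compare the `/proc/<pid>/ns/<type>` link targets of two processes: the same inode means the namespace is shared. The C sketch below is an added example, not part of the original slides; the helper names are hypothetical and it assumes a Linux host with `/proc` mounted.

```c
#define _GNU_SOURCE
#include <ctype.h>
#include <linux/sched.h> /* CLONE_NEW* flag values */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* The six namespace types on the slide and their /proc/<pid>/ns entry names. */
static const struct { const char *name; int flag; } NS_TYPES[] = {
    {"mnt", CLONE_NEWNS},  {"ipc", CLONE_NEWIPC}, {"pid", CLONE_NEWPID},
    {"uts", CLONE_NEWUTS}, {"net", CLONE_NEWNET}, {"user", CLONE_NEWUSER},
};
#define NS_COUNT (sizeof NS_TYPES / sizeof NS_TYPES[0])

/* Parse a link target such as "uts:[4026531838]"; 0 means malformed or wrong type. */
unsigned long parse_ns_link(const char *link, const char *want_type) {
    char type[16], close = 0;
    unsigned long inode = 0;
    const char *br = strchr(link, '[');
    if (!br || !isdigit((unsigned char)br[1])) return 0;
    if (sscanf(link, "%15[a-z]:[%lu%c", type, &inode, &close) != 3) return 0;
    return (close == ']' && strcmp(type, want_type) == 0) ? inode : 0;
}

/* Namespace inode of `pid` for one type; 0 if /proc is missing or access is denied. */
unsigned long ns_inode(pid_t pid, const char *type) {
    char path[64], link[64];
    snprintf(path, sizeof path, "/proc/%ld/ns/%s", (long)pid, type);
    ssize_t n = readlink(path, link, sizeof link - 1);
    if (n < 0) return 0;
    link[n] = '\0';
    return parse_ns_link(link, type);
}

/* Bitmask of CLONE_NEW* flags for namespaces `pid` does not share with `ref`. */
int ns_isolated_from(pid_t pid, pid_t ref) {
    int mask = 0;
    for (size_t i = 0; i < NS_COUNT; i++) {
        unsigned long a = ns_inode(pid, NS_TYPES[i].name);
        unsigned long b = ns_inode(ref, NS_TYPES[i].name);
        if (a && b && a != b) mask |= NS_TYPES[i].flag; /* unreadable = unknown */
    }
    return mask;
}

int main(void) { /* compare this process with its parent */
    int mask = ns_isolated_from(getpid(), getppid());
    for (size_t i = 0; i < NS_COUNT; i++)
        printf("%-4s %s\n", NS_TYPES[i].name,
               (mask & NS_TYPES[i].flag) ? "isolated" : "shared or unreadable");
}
```

Run inside a container and compared against a host process, a namespace reported as shared (for example `pid` or `net`) means that isolation boundary is not in place for that resource.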
5. Cgroups
Control Groups provide a mechanism for aggregating/partitioning sets of tasks, and all their future children, into hierarchical groups with specialized behaviour.
Ref: Kernel.org
8. Software packaging concept that typically includes an application and all of its runtime dependencies.
● Easy to deploy and portable across host systems
● Isolates applications on a host operating system. In RHEL, this is done through:
  ● Control Groups (cgroups)
  ● kernel namespaces
  ● SELinux, sVirt
What is?
9. Lose 1 not all
...and compromised, there is far less exposure. Only the container process is lost – lose the process not the system.