Linux Containers

Linux containers - From normal processes to containers

What is a process?

In Linux, a process is a running instance of a program or command. It represents the execution of a program in a system and is managed by the kernel. Each process has its own unique process ID (PID) and runs in its own isolated memory space. Here’s an overview of key aspects of a Linux process.

Each Linux process has the following:

  • Process Attributes:
    • PID (Process ID): A unique identifier assigned to each process.
    • PPID (Parent Process ID): The PID of the process’s parent.
    • UID (User ID) and GID (Group ID): The user and group identifiers associated with the process.
    • Priority and Nice Value: Indicators of the process’s priority in the system.
  • Resources Available to a Process:
    • Memory Space.
    • File Descriptors: Represent open files, sockets, or other I/O channels.
    • Environment Variables: Environmental settings for the process.
    • Registers: Processor registers used for computation and control.

💡 What are the limitations of normal processes?

Open Discussion: What do you think the limitations of normal processes are?

How does a container run?

  • Namespaces:
    • PID Namespace (pid): Isolates the process ID number space, allowing processes within the namespace to have their own set of PIDs.
    • Network Namespace (net): Isolates network-related resources, including network interfaces, routing tables, firewall rules, and sockets. Each network namespace has its own set of these resources.
    • Mount Namespace (mnt): Isolates the filesystem mount points. Processes in different mount namespaces can have different filesystem hierarchies.
    • UTS Namespace (uts): Isolates the system identification and hostname. Each UTS namespace can have its own hostname.
    • IPC Namespace (ipc): Isolates interprocess communication resources, such as System V IPC objects (message queues, semaphores, shared memory).
    • User Namespace (user): Isolates user and group IDs. Processes in different user namespaces can have different views of user and group identities.
  • Cgroups (control groups): Limit and account for the resources (CPU, memory, I/O) that a group of processes may consume.
  • Security: SELinux, Capabilities, Seccomp
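The namespaces listed above are visible from user space: every process exposes its membership as symlinks under /proc/<pid>/ns/, and two processes share a namespace exactly when the inode numbers in those links match. The following script is an added example (not part of the original course material) that reads those links and reports in which namespaces a process is isolated from PID 1; the function names and the constructed test values are assumptions of this example.

```python
"""Inspect which Linux namespaces a process belongs to.

Each link under /proc/<pid>/ns/ points at a target such as "pid:[4026531836]";
the number is the namespace inode. Comparing a process's inodes against those
of PID 1 (the host's init) shows whether the process is contained, which is a
quick defender-side check that a workload really runs in its own namespaces.
"""
import os
import re
from typing import Dict, List, Tuple

NS_KINDS = ("pid", "net", "mnt", "uts", "ipc", "user", "cgroup")
_LINK_RE = re.compile(r"^(?P<kind>[a-z_]+):\[(?P<inode>\d+)\]$")


def parse_ns_link(target: str) -> Tuple[str, int]:
    """Parse a /proc/<pid>/ns symlink target, e.g. 'uts:[4026531838]'."""
    m = _LINK_RE.match(target)
    if m is None:
        raise ValueError(f"not a namespace link: {target!r}")
    return m.group("kind"), int(m.group("inode"))


def namespace_ids(pid="self") -> Dict[str, int]:
    """Return {kind: inode} for every namespace the process belongs to."""
    result: Dict[str, int] = {}
    for kind in NS_KINDS:
        try:
            _, inode = parse_ns_link(os.readlink(f"/proc/{pid}/ns/{kind}"))
        except FileNotFoundError:
            continue  # no /proc (non-Linux) or kernel without this namespace
        except PermissionError:
            continue  # reading another user's process needs ptrace access (root)
        result[kind] = inode
    return result


def private_namespaces(mine: Dict[str, int], host: Dict[str, int]) -> List[str]:
    """Namespace kinds in which `mine` differs from `host`, i.e. is isolated."""
    return sorted(k for k in mine if k in host and mine[k] != host[k])


if __name__ == "__main__":
    me, init = namespace_ids("self"), namespace_ids(1)
    iso = private_namespaces(me, init)
    print("isolated from PID 1 in:", ", ".join(iso) if iso else "nothing")
```

Run inside a container and again on the host: inside you should see pid, net, mnt, uts and ipc listed, on the host an empty result (run as root so that /proc/1/ns/* is readable).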

What are the advantages of containers?

  • Encapsulation: Containers encapsulate an application along with its runtime, libraries, and dependencies. This encapsulation ensures that the application runs consistently across various environments.
  • Isolation: Containers use operating system-level virtualization to isolate processes and resources. Each container runs in its own user space, providing process and file system isolation.
  • Portability: Containers can run consistently on any system that supports containerization, regardless of the underlying infrastructure. This portability is enabled by packaging the application and its dependencies together.
  • Efficiency: Containers share the host operating system’s kernel, making them more lightweight than traditional virtual machines. This results in faster startup times and efficient resource utilization.