Containers on Linux
Gustavo Armenta edited this page Apr 27, 2017 · 2 revisions
This info comes from watching the video: What Have Namespaces Done for You Lately?
Namespaces
- A container has a root directory that is a leaf directory on the host file system
- A container can mount a temporary file system to write files in memory. The files are not visible to the host but can be leaked by reading /proc/pid/mounts
- A container has its own list of processes, and that list is visible to the host
- A container has its own environment variables, but they can be leaked to the host by reading /proc/pid/environ
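Added example (not from the video or these notes): a host-side audit, in Python, of the two /proc leaks listed above. It parses the /proc/pid/environ and /proc/pid/mounts formats and reports only the names of secret-looking variables and the tmpfs mount points; the sample data, the name pattern and all function names are assumptions made for illustration.

```python
import re
import sys
from pathlib import Path

# Constructed sample data in the formats of /proc/<pid>/environ and /proc/<pid>/mounts.
SAMPLE_ENVIRON = b"PATH=/usr/bin:/bin\x00DB_PASSWORD=example-only\x00HOME=/root\x00"
SAMPLE_MOUNTS = (
    "overlay / overlay rw,relatime 0 0\n"
    "proc /proc proc rw,nosuid,nodev,noexec 0 0\n"
    "tmpfs /run/my\\040secrets tmpfs rw,nosuid,size=65536k 0 0\n"
)
# Hypothetical pattern for variable names that probably hold credentials.
SENSITIVE = re.compile(r"PASS|SECRET|TOKEN|KEY", re.IGNORECASE)


def parse_environ(raw: bytes) -> dict:
    """Split NUL-separated NAME=value records into a dict."""
    env = {}
    for record in raw.split(b"\x00"):
        name, sep, value = record.partition(b"=")
        if sep:
            env[name.decode(errors="replace")] = value.decode(errors="replace")
    return env


def sensitive_names(env: dict) -> list:
    """Names only; the audit never returns the values."""
    return sorted(n for n in env if SENSITIVE.search(n))


def tmpfs_mounts(text: str) -> list:
    """Mount points of tmpfs file systems; the kernel writes spaces as \\040."""
    points = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[2] == "tmpfs":
            points.append(re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), fields[1]))
    return points


def audit(pid=None):
    """Audit a live PID (needs permission to read its /proc entries) or the samples."""
    proc = Path(f"/proc/{pid}")
    raw = proc.joinpath("environ").read_bytes() if pid else SAMPLE_ENVIRON
    mounts = proc.joinpath("mounts").read_text() if pid else SAMPLE_MOUNTS
    return sensitive_names(parse_environ(raw)), tmpfs_mounts(mounts)


if __name__ == "__main__":
    print(audit(sys.argv[1] if len(sys.argv) > 1 else None))
```

Run without arguments it audits the constructed samples; given the host PID of a container process, it reads that process's /proc entries instead.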
CGroups
- Limit CPU usage
- Limit memory usage
- Limit number of processes