

Container and Cgroups

Cgroups is a kernel feature that organizes processes into hierarchical groups in order to limit and monitor their use of system resources such as CPU, memory, disk, and network.

The Linux kernel provides a pseudo-filesystem named cgroupfs as the interface. A cgroup is a set of processes which has settings in cgroupfs …

Container and UnionFS

Union File System (UnionFS) variants such as AUFS, btrfs, vfs, and devicemapper are the file systems used by most container engines. They allow the files and directories of separate file systems to be overlaid one by one, forming a single coherent file system.

A typical pattern is that we define …

Container and Namespace

Namespaces let us use the same name for some global system resources. For example, a PID namespace lets a process inside the namespace run with PID 1 while, at the same time, init runs with PID 1 in the regular namespace.

Container PID namespace

There are various kinds of namespaces. You …

Container and nsenter

Nsenter is a utility that enters the namespaces of one or more other processes and then executes the specified program. In other words, we jump inside the namespace.

Keep the above unshare command running, and let's create a new session. This time, we run a program in the …

Container and unshare

Unshare is a utility that runs a program with some namespaces unshared from its parent. We create a new PID namespace below.

[user@julin1 ~]$ sudo unshare --fork --pid --mount-proc sh
[sudo] password for user: 
sh-4.2# ps aux
root         1  0 …


Many people have heard of containers for a while, or even use them every day. However, questions like "what is a container" or "how does a container work" might still arise.

In this post, we will take a deep dive into containers.


Before the container era, we usually used virtualization technology to …