Containers:
Under the Hood
Vincent Batts @vbatts
$> finger $(whoami)
Login: vbatts Name: Vincent Batts
Directory: /home/vbatts Shell: /bin/bash
Such mail.
Plan:
OHMAN
$> id -Gn
devel opencontainers docker appc redhat golang slackware
Hands-on:
- capabilities
- Syscalls
- Namespaces
- Copy-On-Write (CoW)
- Archives
p.s. Don't forget to fill out the surveys!
So,
Why, Containers?
Single Application
Full System
But Not a VM
Except Maybe a VM
Pods of applications
Labels of services
Non-root
Desktop Applications
OMG AND CATS
But Wait,
What does "container" mean to you?
Capabilities
- capabilities(7)
- setpriv(1) (only on some versions of util-linux)
- capsh(1)
- proc(5)
Demo
Good Idea:
Bad Idea:
whistling while you work
whistling while you eat
Demo
Syscalls
Good Idea:
Bad Idea:
feeding a stray kitten in the park
feeding a stray kitten in the park to a bear
Demo
Namespaces
Good Idea:
Bad Idea:
playing catch with your grandpa
playing catch with your grandpa
Demo
Copy-on-write (COW)
Good Idea:
Bad Idea:
being served breakfast in bed
being served tennis balls in bed
FS *MAGIC*
Good Idea:
Bad Idea:
ordering a chili dog to go
ordering a chili dog that makes you go
tar archives
Good Idea:
Bad Idea:
Dressing up at Halloween as a pirate
Dressing up at Halloween as a piñata
Thanks!
Vincent Batts
@vbatts| vbatts@redhat.com
Containers: Under the hood [2016 DevNation]
By Vincent Batts
Private
Containers: Under the hood [2016 DevNation]
Overview of where we've gotten so far on container standards, and how we're moving forward. The OpenContainer Initiative is the best option for standardizing common interfaces and reducing risk on the long-term for the container ecosystem.