Docker vs VM
1. How Docker isolates processes
- Docker makes use of Linux kernel namespaces to isolate a process within the kernel.
- Docker does not virtualise hardware.
- Docker does not virtualise an application layer.
Docker uses the kernel to give applications an isolated view of the operating system, while sharing the same kernel.
Docker achieves this by combining:
chroot + namespaces + cgroups = containers
Practically, Docker:
- Creates a normal Linux process
- Places it into multiple namespaces
- Applies cgroup limits
- Sets up mounts and networking
The process:
- Uses normal system calls
- Runs on the real kernel
- Is scheduled by the real OS
2. Containers vs Virtual Machines
- Virtual machines virtualise the entire operating system:
  - Hardware
  - Kernel
  - User space
- Containers isolate processes:
  - Same kernel
  - Different views of kernel resources
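Because a container is an ordinary process placed into namespaces, its isolation can be checked from the host by comparing the namespace links under /proc/<pid>/ns with those of a host process. The following is an added example, not part of the original page: the function names and the sample inode values are constructed for illustration, and the sample assumes a container started without user-namespace remapping.

```python
import os
import re

# Targets of /proc/<pid>/ns/* symlinks look like "net:[4026531840]".
NS_LINK = re.compile(r"^(\w+):\[(\d+)\]$")

def parse_links(links):
    """Map {entry name: link target} to {entry name: namespace inode}."""
    parsed = {}
    for name, target in links.items():
        match = NS_LINK.match(target)
        if match:
            parsed[name] = int(match.group(2))
    return parsed

def read_namespaces(pid, proc_root="/proc"):
    """Read the namespace links of a live process (needs permission on that PID)."""
    ns_dir = os.path.join(proc_root, str(pid), "ns")
    return parse_links({n: os.readlink(os.path.join(ns_dir, n)) for n in os.listdir(ns_dir)})

def compare(host, ctr):
    """Return (shared, isolated) namespace names for a container process vs. the host."""
    common = sorted(set(host) & set(ctr))
    shared = [n for n in common if host[n] == ctr[n]]
    isolated = [n for n in common if host[n] != ctr[n]]
    return shared, isolated

# Constructed sample data (not captured from a real host): host PID 1 and one
# process started in a container without user-namespace remapping.
HOST_LINKS = {
    "cgroup": "cgroup:[4026531835]", "ipc": "ipc:[4026531839]",
    "mnt": "mnt:[4026531841]", "net": "net:[4026531840]",
    "pid": "pid:[4026531836]", "user": "user:[4026531837]",
    "uts": "uts:[4026531838]",
}
CTR_LINKS = {
    "cgroup": "cgroup:[4026532601]", "ipc": "ipc:[4026532599]",
    "mnt": "mnt:[4026532597]", "net": "net:[4026532602]",
    "pid": "pid:[4026532600]", "user": "user:[4026531837]",
    "uts": "uts:[4026532598]",
}

if __name__ == "__main__":
    shared, isolated = compare(parse_links(HOST_LINKS), parse_links(CTR_LINKS))
    print("shared with host:", shared)    # a shared entry means no isolation for that resource
    print("isolated from host:", isolated)
```

On a live host, pass the output of `read_namespaces` for PID 1 and for the container's process to `compare`; any namespace reported as shared is a kernel resource the container sees exactly as the host does.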