On Tue, Aug 16, 2016 at 9:23 PM, Tiglath <tiglathsur...@gmail.com> wrote:
> The documentation reads:
>
> "A container consists of an operating system, user-added files, and
> meta-data."
>
> I understood containers shared an underlying operating system and that is
> what distinguished them from a VM.
>
> True or false?

Be aware that an OS generally consists of 2 main components: 1) the kernel and 2) the userland programs/binaries and their runtime library dependencies. A Linux container is built on the newer Linux kernel features known as namespaces/cgroups etc., whereby a single process cannot see the other processes or files running on a system alongside it. This makes these process containers the Linux equivalent of FreeBSD jails. So a container is its own self-contained runtime instance that can only see those other things on the computer which you have specifically permitted it to. Hence mounting a folder as a volume, etc. There are also other configuration options to see the other processes or communicate with them somehow, etc. But generally speaking, the container will spawn its own child processes to do all work, and interaction with other programs is kept to a minimum. And that isolation/self-reliance/better security is the whole point of containers.

The difference between Docker and FreeBSD jails (and also LXC, and the Linux kernel containers feature upon which Docker is built on top) is the extra layer of functionality, simplicity, and 'hiding away' of many repetitive and unnecessarily complex layers underneath. That means less low-level manipulation = more productivity / faster time to end results.

VMs are programs running entire virtual computers. The whole computer is emulated, including the hardware. That is harder to manage/re-use/share (the VM images), and it's also not so clean and uses much more RAM, which in terms of use of resources can be less efficient. Even though VMs can execute nearly as fast, it's still more overhead (especially the RAM usage in particular, but maybe also disk too), and not such a simple and fundamentally built-in feature of the Linux kernel. So use a VM for running a virtual PC. And use a container for running an individual program or service in a protected (sandboxed) environment.

-- 
You received this message because you are subscribed to the Google Groups "docker-dev" group.
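The reply above says a container "can only see those other things on the computer which you have specifically permitted it to", and that this is implemented by Linux namespaces and cgroups. The following is an added example, not code from the original thread or from Docker itself: a small Python script that checks that claim from inside a process by comparing its namespaces with those of PID 1 (via /proc/<pid>/ns/*) and by parsing /proc/<pid>/cgroup. The cgroup path markers (docker, lxc, kubepods, ...) are a heuristic I chose, and the two sample cgroup files are constructed for the demo, not captured from a real host. A shared "pid" namespace with PID 1 means the process can see the host's processes (as happens with Docker's --pid=host), a shared "net" namespace means it shares the host's interfaces and ports.

```python
"""Inspect the Linux namespace and cgroup boundaries around the current process.

Added example (not from the original post). Assumes a Linux /proc; on other
systems every namespace reads as None and the report says so.
"""
import os

# Namespace types exposed under /proc/<pid>/ns/ on a modern kernel.
NAMESPACES = ("pid", "mnt", "net", "ipc", "uts", "user", "cgroup")

# Cgroup path components typically created by container runtimes.
# Heuristic chosen for this example; a runtime can be configured differently.
RUNTIME_MARKERS = ("docker", "lxc", "kubepods", "containerd", "libpod", "machine.slice")


def namespace_ids(pid="self"):
    """Map each namespace type to its identity string, e.g. 'pid:[4026531836]'.

    Two processes are in the same namespace iff the strings are equal. None
    means the link could not be read (non-Linux host, old kernel, or no
    permission to inspect that PID), i.e. "unknown", not "isolated".
    """
    ids = {}
    for ns in NAMESPACES:
        try:
            ids[ns] = os.readlink(f"/proc/{pid}/ns/{ns}")
        except OSError:
            ids[ns] = None
    return ids


def shared_namespaces(a, b):
    """Namespace types two processes have in common (both readable and equal)."""
    return sorted(ns for ns in NAMESPACES
                  if a.get(ns) is not None and a[ns] == b.get(ns))


def parse_cgroup(text):
    """Parse /proc/<pid>/cgroup lines of the form 'hierarchy:controllers:path'."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        hierarchy, controllers, path = line.split(":", 2)
        entries.append({
            "hierarchy": int(hierarchy),
            "controllers": [c for c in controllers.split(",") if c],
            "path": path,
        })
    return entries


def cgroup_hints_container(entries):
    """Heuristic: does any cgroup path component look runtime-created?

    Not proof either way; the namespace comparison is the authoritative check.
    """
    return any(any(m in part for m in RUNTIME_MARKERS)
               for e in entries
               for part in e["path"].split("/"))


def isolation_report():
    """What the current process shares with PID 1, plus what could not be read."""
    me, init = namespace_ids("self"), namespace_ids(1)
    try:
        with open("/proc/self/cgroup") as f:
            cg = parse_cgroup(f.read())
    except OSError:
        cg = []
    return {
        "shared_with_pid1": shared_namespaces(me, init),
        "unreadable": sorted(ns for ns in NAMESPACES
                             if me[ns] is None or init[ns] is None),
        "cgroup_hints_container": cgroup_hints_container(cg),
    }


# Constructed sample cgroup files (not captured from a real machine).
SAMPLE_HOST_CGROUP = "0::/user.slice/user-1000.slice/session-2.scope\n"
SAMPLE_CONTAINER_CGROUP = (
    "12:pids:/docker/3f4e2c1b9a7d6e5f4c3b2a1908f7e6d5c4b3a291807f6e5d4c3b2a1908f7e6d5\n"
    "11:memory:/docker/3f4e2c1b9a7d6e5f4c3b2a1908f7e6d5c4b3a291807f6e5d4c3b2a1908f7e6d5\n"
    "0::/docker/3f4e2c1b9a7d6e5f4c3b2a1908f7e6d5c4b3a291807f6e5d4c3b2a1908f7e6d5\n"
)

if __name__ == "__main__":
    print("host-like sample     ->", cgroup_hints_container(parse_cgroup(SAMPLE_HOST_CGROUP)))
    print("container sample     ->", cgroup_hints_container(parse_cgroup(SAMPLE_CONTAINER_CGROUP)))
    print("this process         ->", isolation_report())
```

Run it once on the host and once inside `docker run --rm -it python:3 python /path/to/script.py` (with the file mounted as a volume, as the reply suggests) and compare the `shared_with_pid1` lists; then try again with `--pid=host` or `--net=host` to see exactly which view you have handed back to the container. Treat a non-empty `unreadable` list as "unknown" rather than "isolated": an unprivileged process is usually not allowed to read another user's /proc/<pid>/ns/* links.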