this post was submitted on 03 Jul 2023

1009 points (98.2% liked)

Programmer Humor

19468 readers

15 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

Keep content in english
No advertisements
Posts must be related to programming or programmer topics

founded 1 year ago

MODERATORS

1009

You know who you are (programming.dev)

submitted 1 year ago by jerodsanto to c/programmer_humor

67 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] declination 3 points 1 year ago

I can't remember exactly what all the pieces are. However, I believe its a combination of

cgroups: process isolation which is why you can see docker processes in ps/top/etc but you can't for vms. I believe this is also what gets you the ability to run cross distro images since the isolation ensures the correct shared objects are loaded
network namespaces: how they handle generating the isolated network stack per process
some additional mount magic that I don't know what its called.

My understanding is that all of the neat properties of docker are actuall part of the kernel, docker (and podman and other container runtimes) are mostly just packing them together to achieve the desired properties of "containers".