The What, Why and How of Containers

The problem It all starts with chroot $ apropos chroot chroot - run command or interactive shell with special root directory chroot - change root directory. Chroot is a kernel mechanism available since early versions of UNIX that allows to run a process as with an alternate root directory. Jails on Free BSD. FreeBSD jails basically take chroot and build upon it by adding mechanism to isolate and control the use of other system resources beside the filesystem. Control groups are a mechanism in Linux that allows to control which how much of the system resources a process can use. First you populate the subtree that your container will have access too, ready to be chroot'ed in. Then you create namespaces for all you need to isolate Finally you run your containerized process within your namespaces, chroot'ed to its subtree. In practice you don't need to make them from scratch, people already have made systems for managing containers with nicer user interfaces.