undefined | Better HN

0 pointsotabdeveloper44y ago0 comments

A Docker image is really just a .tar.gz under the hood, with a little bit of metadata.

A Docker image is really just a chroot + some cgroups resource limits.

0 comments

> A Docker image is really just a chroot + some cgroups resource limits.

No, because an image specifies nothing about the runtime. Just add a Kernel and bootloader and one can boot most images. Further most container runtimes include a lot more than chroot and resource limits. Namespace isolation (process, user, network), seccomp rules, SELinux contexts, etc.

otabdeveloper4OP4y ago

> Just add a Kernel and bootloader and one can boot most images.

Certainly not true of any of the images I work with.

amarshall4y ago

What sort of images are you working with? I can fairly straightforwardly boot debian:stable with no modifications to the image using direct kernel boot. Is everything perfect? No, but it does boot.

1 more reply

j / k navigate · click thread line to collapse

0 pointsotabdeveloper44y ago0 comments

A Docker image is really just a .tar.gz under the hood, with a little bit of metadata.

A Docker image is really just a chroot + some cgroups resource limits.

0 comments

amarshall4y ago

> A Docker image is really just a chroot + some cgroups resource limits.

otabdeveloper4OP4y ago

> Just add a Kernel and bootloader and one can boot most images.

Certainly not true of any of the images I work with.

amarshall4y ago

What sort of images are you working with? I can fairly straightforwardly boot debian:stable with no modifications to the image using direct kernel boot. Is everything perfect? No, but it does boot.

1 more reply

j / k navigate · click thread line to collapse