Chroot vs Docker

23,830

Docker allows isolating a process at multiple levels through namespaces:

  • mnt namespace provides a root filesystem (this one can be compared to chroot, I guess)
  • pid namespace, so the process only sees itself and its children
  • network namespace, which allows the container to have its dedicated network stack
  • user namespace (quite new), which allows a non-root user on the host to be mapped to the root user within the container
  • uts provides a dedicated hostname
  • ipc provides dedicated shared memory

All of this adds more isolation than chroot provides.
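The difference Luc describes can be checked on a live system: every process exposes its namespace membership as symlinks under `/proc/<pid>/ns/`, and two processes are isolated by a given namespace only if those links point to different inodes. A chrooted process still shares every namespace with PID 1; a container normally shares none of the ones listed above. The script below is an added example, not part of Luc's answer: it reads those links and reports which isolation layers a process shares with the host. The namespace values in `HOST`, `CHROOTED`, `CONTAINER` and `CONTAINER_HOSTNET` are constructed for the demonstration, and `cgroup` is included alongside the namespaces on the page because modern kernels expose it in the same directory.

```python
import os
from typing import Dict, List, Optional

# Namespace kinds exposed under /proc/<pid>/ns on a modern Linux kernel.
NAMESPACES = ("mnt", "pid", "net", "user", "uts", "ipc", "cgroup")

NsMap = Dict[str, Optional[str]]


def namespaces_of(pid="self", proc_root="/proc") -> NsMap:
    """Read the namespace identity of a process, e.g. 'mnt:[4026531840]'.

    A missing or unreadable link yields None: another user's
    /proc/<pid>/ns/* is unreadable without ptrace access, and older
    kernels lack some of the entries.
    """
    ids: NsMap = {}
    for ns in NAMESPACES:
        path = os.path.join(proc_root, str(pid), "ns", ns)
        try:
            ids[ns] = os.readlink(path)
        except OSError:
            ids[ns] = None
    return ids


def shared_namespaces(a: NsMap, b: NsMap) -> List[str]:
    """Names of namespaces two processes share (identical inode), sorted."""
    return sorted(ns for ns in NAMESPACES
                  if a.get(ns) is not None and a[ns] == b.get(ns))


def isolation_gaps(host: NsMap, proc: NsMap) -> List[str]:
    """One finding per isolation layer the process does NOT get from the host."""
    return [f"{ns} namespace shared with host" for ns in shared_namespaces(host, proc)]


# Constructed sample values (not captured from a real machine).
HOST: NsMap = {
    "mnt": "mnt:[4026531840]", "pid": "pid:[4026531836]", "net": "net:[4026531992]",
    "user": "user:[4026531837]", "uts": "uts:[4026531838]", "ipc": "ipc:[4026531839]",
    "cgroup": "cgroup:[4026531835]",
}

# A process started under chroot: only its root directory changed, so it
# still lives in every host namespace.
CHROOTED: NsMap = dict(HOST)

# A typical container: fresh mnt/pid/net/uts/ipc/cgroup namespaces. The user
# namespace is shared because no user-namespace remapping was configured.
CONTAINER: NsMap = {
    "mnt": "mnt:[4026532455]", "pid": "pid:[4026532456]", "net": "net:[4026532459]",
    "user": HOST["user"], "uts": "uts:[4026532457]", "ipc": "ipc:[4026532458]",
    "cgroup": "cgroup:[4026532460]",
}

# The same container started with host networking: its net namespace is the host's.
CONTAINER_HOSTNET: NsMap = dict(CONTAINER, net=HOST["net"])


if __name__ == "__main__":
    for label, proc in (("chroot", CHROOTED), ("container", CONTAINER),
                        ("container with host networking", CONTAINER_HOSTNET)):
        print(f"{label}: {isolation_gaps(HOST, proc) or ['no namespace shared with host']}")
    # On a live Linux host, compare this process with PID 1; reading PID 1's
    # links usually needs root, in which case those entries are None.
    print("this process vs PID 1:", shared_namespaces(namespaces_of(1), namespaces_of("self")))
```

Run as root inside a container and pointed at PID 1 of the host (for example with `proc_root` set to a host `/proc` bind mount), the same comparison tells you whether a container was started with host networking, host PID or host IPC, which is the kind of configuration drift an audit of container isolation should catch.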


rkachach

Updated on June 14, 2020

Comments

  • rkachach
    rkachach almost 4 years

    I'm trying to learn the basics about containers (Docker in this case). As far as I have learned from the Docker doc and several readings, Docker basically provides isolation by running the container using runc (previously using LXC). Either way, it uses the same kernel as the host machine. Thus, the container image needs to be compatible with the host kernel. I find this very similar to what a chroot does. Could somebody explain to me any differences and/or advantages of using Docker rather than chroot? (besides the extras provided by Docker such as packaging, Docker Hub, and all the nice features provided by Docker)

  • BMitch
    BMitch over 6 years
    There are also cgroups (for cpu and memory limits), reduced capabilities, seccomp, selinux/apparmor, and ulimits. The filesystem is also layered, potentially read only, and allowed to be overlaid with volume mounts.
  • F1Linux
    F1Linux over 2 years
    Great answer, Luc, but it could be improved by incorporating @BMitch's feedback into the answer itself, where it won't potentially be missed.