Container Architecture
To isolate the processes running inside a container from its host system, container engine uses the following four features: Namespaces Control Groups Secure Computing Security-Enhanced Linux Namespaces Namespaces are created to limit the reach of a container to its host’s resources. It helps with security and well as limits resources available to the container. Linux command lsns could be used for listing details of namespaces. The namespaces essential for containers are User, Mount, Unix Timesharing System, Process ID, Network, and Inter-Process Communication....