24

In Docker, the guest OS shares the same kernel as the host OS.

Can someone elaborate more on it?

Say I have a CentOS OS, which has some kernel version. When we pull an Ubuntu image, it has a different kernel, so how can we say that they have the same kernel?

gaurav

2 Answers

32

when we pull ubuntu image then it have different kernel

No it does not: it does not have the kernel part: it relies on the kernel of the host (the one running docker engine) for all system calls.

As mentioned in "Docker vs Virtualization":

Initially Docker was built as an abstraction layer on top of Linux Containers (LXC). LXC itself is just an API for the Linux containment features.
Starting with Docker 0.9, LXC is not the default anymore and has been replaced with a custom library (libcontainer) written in Go. Overall libcontainer’s advantage is a more consistent interface to the Kernel across various Linux distributions. The only gotcha is that it requires Linux 3.8 and higher.

See more at "Why Understanding User Space vs. Kernel Space Matters".
Also "Operating System Containers vs. Application Containers":

Containers are the products of operating system virtualization. They provide a lightweight virtual environment that groups and isolates a set of processes and resources such as memory, CPU, disk, etc., from the host and any other containers.
The isolation guarantees that any processes inside the container cannot see any processes or resources outside the container.

https://risingstack-blog.s3-eu-west-1.amazonaws.com/2015/05/os-virtualization.jpg

OS containers are virtual environments that share the kernel of the host operating system but provide user space isolation

https://risingstack-blog.s3-eu-west-1.amazonaws.com/2015/05/os-containers.jpg

As mentioned in "Do all Linux distros use the same kernel?", a kernel can be shared across distros, even if each distro has its own configuration of the kernel.


If you need more isolation, consider gVisor (https://github.com/google/gvisor), a container sandbox runtime focused on security, efficiency, and ease of use. (2018).
See Architecture:

https://gvisor.dev/docs/architecture_guide/Layers.png

gVisor intercepts application system calls and acts as the guest kernel, without the need for translation through virtualized hardware.

gVisor may be thought of as either a merged guest kernel and VMM, or as seccomp on steroids.
This architecture allows it to provide a flexible resource footprint (i.e. one based on threads and memory mappings, not fixed guest physical resources) while also lowering the fixed costs of virtualization.
However, this comes at the price of reduced application compatibility and higher per-system call overhead.

VonC
  • Von, can you please elaborate more on how it relies on the host kernel, if it is pulling its own kernel? – gaurav Sep 24 '15 at 08:50
  • 3
    @gaurav it is *not* pulling its own kernel: it relies on the kernel already present. – VonC Sep 24 '15 at 08:54
  • Von, but we know CentOS and Ubuntu have different kernels, so how can it rely on the host kernel? How can Ubuntu use the CentOS kernel? – gaurav Sep 24 '15 at 08:57
  • 1
    @gaurav the ubuntu image you are pulling does not include the kernel, only an ubuntu-like filesystem. – VonC Sep 24 '15 at 08:59
  • Von, I agree with you, but how can Ubuntu use the CentOS kernel (2.6)? If we look at the Ubuntu image separately, it has a different kernel version (3.6). – gaurav Sep 24 '15 at 09:09
  • Von, I am confused about how Ubuntu can use someone else's kernel. – gaurav Sep 24 '15 at 09:14
  • @gaurav that is because the ubuntu image doesn't include any kernel. A full Ubuntu OS has, like you say, a 3.6 kernel. But a docker Ubuntu image has no kernel. It relies on the one provided by the host executing the docker engine. – VonC Sep 24 '15 at 10:15
  • Von, OK! It means Ubuntu can use the CentOS kernel. If yes, then how can it use it? Do Ubuntu and CentOS have the same kernel? – gaurav Sep 24 '15 at 10:38
  • @gaurav they have the same Linux kernel, with slight variation: http://askubuntu.com/a/172932/5470 – VonC Sep 24 '15 at 10:45
  • 2
    @VonC I don't know what's more impressive - your patience in the comments or the quality in your answer :) ! Either way, great job! – DeepSpace101 Mar 05 '20 at 02:22
  • So let's say "Docker containers share a Linux kernel from the host OS", then the host OS is from the Docker engine, not the OS of the PC, and the host is a Linux OS? – David kim Jan 07 '22 at 11:55
  • @Davidkim A Docker engine on Windows (https://rtfm.co.ua/arch-git-github-com-errnoconnection-refused/) would use https://en.wikipedia.org/wiki/Hyper-V in order to run Linux Docker images. The Linux container would therefore communicate with a Linux kernel (the one from the HyperV VM). Demo: https://www.youtube.com/watch?v=QCGaI1bh4eM – VonC Jan 08 '22 at 21:09
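
The point made in the answer and comments above, that an image carries a distro's userland files while the kernel is whatever the host is running, as an added example that is not part of the original answer. The rootfs directories, distro versions and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. The rootfs trees are constructed stand-ins for unpacked images.

# Distro identity is userland data: read one key from <rootfs>/etc/os-release.
# Parsed with sed rather than sourced, so image content is never executed.
os_release_field() {  # usage: os_release_field <rootfs> <KEY>
    sed -n "s/^$2=//p" "$1/etc/os-release" | tr -d '"'
}

userland_id() {  # usage: userland_id <rootfs>
    printf '%s %s\n' "$(os_release_field "$1" ID)" "$(os_release_field "$1" VERSION_ID)"
}

# Kernel identity comes from the running kernel via uname(2), never from a rootfs.
kernel_release() {
    uname -r
}

# True if the tree ships a kernel image under /boot; base images normally do not.
has_kernel_image() {
    ls "$1"/boot/vmlinuz* >/dev/null 2>&1
}

# Compare a release string against major.minor (the answer quotes 3.8 for libcontainer).
kernel_at_least() {  # usage: kernel_at_least <release> <major> <minor>
    maj=${1%%.*}; rest=${1#*.}; min=${rest%%[!0-9]*}
    [ "$maj" -gt "$2" ] || { [ "$maj" -eq "$2" ] && [ "$min" -ge "$3" ]; }
}

make_rootfs() {  # constructed sample data: <dir> <ID> <VERSION_ID>
    mkdir -p "$1/etc"
    printf 'ID=%s\nVERSION_ID="%s"\n' "$2" "$3" > "$1/etc/os-release"
}

demo() {
    tmp=$(mktemp -d)
    make_rootfs "$tmp/ubuntu" ubuntu 14.04
    make_rootfs "$tmp/centos" centos 7
    for r in ubuntu centos; do
        has_kernel_image "$tmp/$r" && k=yes || k=no
        echo "$r: userland=$(userland_id "$tmp/$r") ships_kernel=$k kernel=$(kernel_release)"
    done
    kernel_at_least "$(kernel_release)" 3 8 && echo "host kernel >= 3.8" || echo "host kernel < 3.8"
    rm -rf "$tmp"
}
demo
# On a real Docker host both of these print the same release:
#   uname -r
#   docker run --rm ubuntu uname -r
```

Because every container reports the host's release, the host kernel's patch level is the one that matters for all containers running on it.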
4

Docker was using LinuX Containers (LXC) earlier, but switched to runC (formerly known as libcontainer), that runs in the same operating system as its host. This allows it to share a lot of the host operating system resources. It also uses layered filesystems like AuFS. It also manages the networking for you as well.

AuFS is a layered file system, so you can have a read only part, and a write part, and merge those together. So you could have the common parts of the operating system as read only, which are shared amongst all of your containers, and then give each container its own mount for writing.

So let's say you have a container image that is 1GB in size. If you wanted to use a Full VM, you would need to have 1GB times x number of VMs you want. With LXC and AuFS you can share the bulk of the 1GB and if you have 1000 containers you still might only have a little over 1GB of space for the containers' OS, assuming they are all running the same OS image.

VizardCrawler