Docker isn't a VM so it only runs apps native to the OS, right? Does that mean Docker for Windows only runs Windows .exe files? So Docker containers for Windows and Linux, what do they have in common, if anything? Are containers reusable on different operating systems in any way?
-
The images in Docker are GNU/Linux only; there are no Windows or OS X containers, so the Docker daemon runs a Linux VM in the background on Windows and OS X. – Ramo Sep 04 '18 at 11:05
-
@shi docs mention linux and windows containers specifically - https://docs.docker.com/docker-for-windows/ . If it just runs a linux vm on windows, what is a windows container? – Yuri Geinish Sep 04 '18 at 11:26
-
The URL's content does not contradict what I've said; Docker itself runs on a Linux VM in the case of Windows or OS X. In general containers are processes, and on Windows and macOS they are processes running inside the VM. And as far as I know you can't run a Windows or OS X container (having other than Linux) with Docker. – Ramo Sep 04 '18 at 12:38
-
Ahah, Docker does not run .exe files, it runs Linux binaries only, inside Linux directly (native) or via a VM. – Ramo Sep 04 '18 at 12:57
-
@shi Docker docs clearly define what a container (a runtime environment built from an image) is and refer to Linux and Windows containers separately, yet you say there are no Docker Windows containers, which is clearly a contradiction. I feel there is a great confusion in terms used and hope someone can clear that up. – Yuri Geinish Sep 04 '18 at 14:09
-
Sorry, it seems that there is a Windows container: https://www.docker.com/products/windows-containers. Here https://docs.docker.com/docker-for-windows/install/#about-windows-containers they talk about switching between Windows and Linux containers, so I think that Windows and Linux containers have nothing in common (Docker error after a pull on Linux: "image operating system "windows" cannot be used on this platform"). In the end, if by OS you mean the host of Docker, then Docker guarantees isolation between the OS and the container (therefore the app), so a container will run the same no matter where. – Ramo Sep 04 '18 at 16:07
1 Answer
- "Docker isn't a VM"
Correct, containers should be considered as processes running in a sandbox. If you search about how this isolation takes place in Linux, you'll definitely run into namespaces & cgroups. One definition of containers I've seen lately states that:
"containers are processes born from tarballs, anchored to namespaces and controlled by cgroups"
photo by Dan Mayer, #LeadDevLondon - June 2018
You can also find some interesting stuff regarding linux containers here: Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxCon by Jérôme Petazzoni
- Docker for Windows only runs Windows .exe files?
No. Consider that a developer with a Windows PC might work on linux based containers that are later deployed to the cloud. Docker for Windows brings this flexibility, BUT if you run linux containers, these will be running on some kind of virtualization environment. Initially, Docker toolbox was using Oracle Virtualbox, now Docker for Windows uses Hyper-V.
I don't know much about how the isolation takes place inside the Windows OS but I think the logic is similar to Linux. Some info about Windows containers:
Windows Container Types
Windows Containers include two different container types, or runtimes.
Windows Server Containers – provide application isolation through process and namespace isolation technology. A Windows Server Container shares a kernel with the container host and all containers running on the host. These containers do not provide a hostile security boundary and should not be used to isolate untrusted code. Because of the shared kernel space, these containers require the same kernel version and configuration.
Hyper-V Isolation – expands on the isolation provided by Windows Server Containers by running each container in a highly optimized virtual machine. In this configuration, the kernel of the container host is not shared with other containers on the same host. These containers are designed for hostile multitenant hosting with the same security assurances of a virtual machine. Since these containers do not share the kernel with the host or other containers on the host, they can run kernels with different versions and configurations (within supported versions) - for example all Windows containers on Windows 10 use Hyper-V isolation to utilize the Windows Server kernel version and configuration.
Running a container on Windows with or without Hyper-V Isolation is a runtime decision. You may elect to create the container with Hyper-V isolation initially and later at runtime choose to run it instead as a Windows Server container.
- Windows and Linux, what do they have in common, if anything?
In general, I would answer that containers serve the idea of Microservices, separation of concerns, do one thing & do it well.
- Are containers reusable on different operating systems in any way?
Yes and No. You may face limitations. For example, if you have an application that starts `FROM ubuntu:latest` and want to make it work on a Raspberry Pi, you will have to build a new container from a base image that is made for ARM architecture. Docker is not an abstraction that will take any container and make it work on any architecture, OS... You have to know what you are trying to achieve and carefully make your decisions on what you finally choose to use.

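The "processes anchored to namespaces and controlled by cgroups" description in the answer above can be checked from `/proc` on a Linux host. The following is an added example, not part of the original answer; the function names are hypothetical, and the inode numbers and cgroup path are constructed sample values for a host process and a containerized process.

```python
import os
import re

NS_LINK = re.compile(r"^(\w+):\[(\d+)\]$")  # readlink format, e.g. "pid:[4026531836]"

def parse_ns(links):
    """Map namespace type -> inode number from /proc/<pid>/ns/* link targets."""
    found = {}
    for link in links:
        m = NS_LINK.match(link.strip())
        if m:
            found[m.group(1)] = int(m.group(2))
    return found

def read_ns(pid):
    """Read a live process's namespaces (Linux only; other users' PIDs need privileges)."""
    base = f"/proc/{pid}/ns"
    names = [n for n in os.listdir(base) if not n.endswith("_for_children")]
    return parse_ns(os.readlink(os.path.join(base, n)) for n in names)

def compare(host, proc):
    """Return (shared, private): namespace types the process shares with the host or not."""
    shared = sorted(t for t in proc if host.get(t) == proc[t])
    private = sorted(t for t in proc if host.get(t) != proc[t])
    return shared, private

def cgroup_paths(text):
    """Parse /proc/<pid>/cgroup lines of the form 'hierarchy-ID:controllers:path'."""
    paths = {}
    for line in text.splitlines():
        parts = line.split(":", 2)
        if len(parts) == 3:
            paths[parts[1] or "unified"] = parts[2]  # empty controller list = cgroup v2
    return paths

# Constructed sample data: link targets as seen for a host process ...
HOST_NS = ["cgroup:[4026531835]", "ipc:[4026531839]", "mnt:[4026531841]",
           "net:[4026531840]", "pid:[4026531836]", "user:[4026531837]",
           "uts:[4026531838]"]
# ... and for a containerized process that keeps the host's user namespace.
CONTAINER_NS = ["cgroup:[4026532514]", "ipc:[4026532449]", "mnt:[4026532447]",
                "net:[4026532452]", "pid:[4026532450]", "user:[4026531837]",
                "uts:[4026532448]"]
CONTAINER_CGROUP = "0::/docker/constructed-container-id\n"  # placeholder id

if __name__ == "__main__":
    shared, private = compare(parse_ns(HOST_NS), parse_ns(CONTAINER_NS))
    print("shared with host:", shared)
    print("private to container:", private)
    print("cgroup membership:", cgroup_paths(CONTAINER_CGROUP))
```

A namespace reported as shared gives no isolation for that resource, and every process compared here still runs on the host's kernel, which is the shared-kernel caveat the quoted Windows Server Containers text makes.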
-
Just for clarity, straight from the Docker docs: "Docker provides the ability to package and run an application in a loosely isolated environment called a container." -- https://docs.docker.com/engine/docker-overview/ So, according to Docker, containers aren't processes and processes aren't containers. Thanks for the info though. – Yuri Geinish Sep 04 '18 at 14:05
-
A container is a process; Docker calls it a container, but technically it is a process. And the link you gave says nothing about this. – Ramo Sep 04 '18 at 16:13
-
I found my source... It was by @alicegoldfuss at #LeadDevLondon, June 2018, ["containers are processes born from tarballs, anchored to namespaces and controlled by cgroups"](https://twitter.com/lucacanducci/status/1011909897640927232?s=19) – tgogos Sep 04 '18 at 21:29