Medium Depth Dive into Docker Internals

How Docker runs on your Computer

Docker runs on a Linux Virtual Machine on your computer. If you have Docker installed you can run the following command:

docker version

The result of that command will be a bunch of system info, but what we are most interested in is the following line:

OS/Arch:          linux/arm64

If you are on a macOS/Windows machine, you might be confused about why Linux is listed as the OS. This is because Docker is running inside the virtual machine. In the VM, each Docker container/process has access to the Linux kernel. In order for Docker to run, it needs certain features that are only supported in Linux (i.e., namespaces and cgroups).

Linux Specials: namespaces and cgroups

When you are creating a Docker image, you are essentially defining a snapshot in the filesystem that has references to the dependencies that you want for your application.

You might have 2 applications that require 2 separate versions of the same dependency... How would your filesystem know how to manage that? That's where namespaces and cgroups come in.

namespaces

The filesystem in Linux can maintain different versions of the same dependency using namespaces. To define namespaces in simple terms, it is the

Isolation of resources per process or group of processes.

This feature basically sandboxes resources for each process. This defines what resources a process can use but you also need to define how much of those resources can be used... that's where cgroups or control groups come in.

cgroups (Control Groups)

With resources isolated and defined for each process, we also need to define how much of each resource is allowed per process. If one process uses too many resources, it can crash the whole system, which will affect other ongoing processes. To define cgroups in simple terms, it is

Limiting the amount of resources used for each process or group of processes.

Currently namespaces and cgroups don't come by default on every operating system, but they are available on Linux, which is why Docker uses a Linux VM to run.
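
To make both definitions concrete, here is an added example (not code from the original post) that checks them the way the Linux kernel exposes them: each process lists its namespaces as links under /proc/<pid>/ns, and a cgroup v2 group states its limits in the memory.max and cpu.max files. The inode numbers and limit values below are constructed sample data, and the function names are hypothetical.

```python
import os
import re

NS_LINK = re.compile(r"^(\w+):\[(\d+)\]$")  # e.g. "pid:[4026531836]"


def parse_ns_links(links):
    """Map namespace type -> inode number from /proc/<pid>/ns link targets."""
    found = {}
    for target in links:
        m = NS_LINK.match(target.strip())
        if m:
            found[m.group(1)] = int(m.group(2))
    return found


def shared_namespaces(host, container):
    """Namespace types both processes share (same inode means no isolation)."""
    return sorted(t for t in host if container.get(t) == host[t])


def parse_cgroup_limits(memory_max, cpu_max):
    """Interpret the contents of cgroup v2 memory.max and cpu.max ("max" = unlimited)."""
    mem = None if memory_max.strip() == "max" else int(memory_max)
    quota, period = cpu_max.split()
    cpus = None if quota == "max" else int(quota) / int(period)
    return {"memory_bytes": mem, "cpus": cpus}


def read_live_ns(pid="self"):
    """Read the real links on a Linux host; not used by the constructed run below."""
    base = f"/proc/{pid}/ns"
    return parse_ns_links(os.readlink(os.path.join(base, n)) for n in os.listdir(base))


# Constructed sample data (inode numbers and limits are made up for illustration).
HOST_NS = parse_ns_links(["mnt:[4026531841]", "pid:[4026531836]", "net:[4026531840]",
                          "uts:[4026531838]", "ipc:[4026531839]", "user:[4026531837]"])
CONTAINER_NS = parse_ns_links(["mnt:[4026532570]", "pid:[4026532573]", "net:[4026531840]",
                               "uts:[4026532571]", "ipc:[4026532572]", "user:[4026531837]"])

if __name__ == "__main__":
    print("shared with host:", shared_namespaces(HOST_NS, CONTAINER_NS))
    print("limits:", parse_cgroup_limits("268435456\n", "50000 100000\n"))
    print("no limits:", parse_cgroup_limits("max\n", "max 100000\n"))
```

In the sample, the container has its own mnt, pid, uts and ipc namespaces but shares net and user with the host, so those two resources are not isolated. A cgroup file that reads "max" means no limit is being enforced for that resource.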