Skip to content

Instantly share code, notes, and snippets.

@woshahua

woshahua/docker.md

Created December 15, 2019 05:51
Star
Embed
What would you like to do?
Learn more about clone URLs
Download ZIP
docker making tutorial
Raw
docker.md
  • clone一个namespace隔离的进程???
  • fork什么意思

MountFlag

  • MSNOEXEC no other application is allowed to run inside this system
  • MS_NOSUID not allowed to do set-user-ID or set-group-ID
  • MS_NODEV this is a default parameter set for linux

syscall.Exec

  • what is the point, this is like run the command inside the system ?
  1. the first process inside the container, which PID = 1 is the process init
  2. this is strange, cause there shouldn't be a process when you init a container
  3. when you try to kill PID = 1 process, this is not allowed(why, you cant let the container with zero process ?)
  4. cause when you kill this, the container is killed too
  5. syscall.Exec actually called execve command inside kernel.

what is systemd

  • I dont know

docker on windows

  • hyper-V is a virtual machine for windows to run linux
  • docker is just run on this linux on windows

ref.

PID: Process ID, shows the process identification number.

TTY: Identifies the terminal from which the process was executed.

TIME: Shows the processor’s time occupied by the program.

CMD: Shows the command used to launch the process.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment