Overview
A minimal Linux container runtime that creates isolated process environments using Linux namespaces, cgroups v2, and chroot. Built to understand how Docker actually works under the hood.
What It Does
- Creates PID, network, mount, and UTS namespaces
- Applies cgroup v2 resource limits (CPU, memory)
- Sets up a minimal root filesystem via chroot
- Implements basic container lifecycle (create, start, stop, delete)
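The four bullets above are one sequence: unshare namespaces, put the child in a cgroup with limits, confine it to a root filesystem, then exec. The program below is an added example that walks that sequence end to end; it is not the project's own code, and the names (`ns_spec`, `cgroup_apply`, the `minibox` cgroup and hostname) are assumptions made for the illustration. Running it as a whole requires root, cgroup v2 mounted at `/sys/fs/cgroup` with the `cpu` and `memory` controllers enabled for the root's subtree, and a rootfs directory that contains `/proc`; the flag-building and cgroup-value helpers are pure and can be exercised without any of that.

```c
// Added example: the README's create/start sequence in one file
// (namespaces -> cgroup v2 limits -> chroot -> exec). Not the project's code.
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

// Which namespaces the caller asked for; mirrors the README's list.
struct ns_spec { int pid, net, mnt, uts; };

// Translate the spec into clone(2) flags. SIGCHLD is needed so the parent
// can waitpid() on the container's init process.
int ns_clone_flags(const struct ns_spec *s) {
    int flags = SIGCHLD;
    if (s->pid) flags |= CLONE_NEWPID;
    if (s->net) flags |= CLONE_NEWNET;
    if (s->mnt) flags |= CLONE_NEWNS;
    if (s->uts) flags |= CLONE_NEWUTS;
    return flags;
}

// cgroup v2 cpu.max holds "<quota> <period>" in microseconds per period.
// With a 100 ms period, 50 percent of one CPU is "50000 100000"; a value
// of 0 or less means unlimited ("max 100000").
int cgroup_cpu_max(int cpu_percent, char *out, size_t n) {
    if (cpu_percent <= 0) return snprintf(out, n, "max 100000");
    return snprintf(out, n, "%ld 100000", (long)cpu_percent * 1000);
}

// cgroup v2 memory.max holds a byte count, or "max" for no limit.
int cgroup_memory_max(long mib, char *out, size_t n) {
    if (mib <= 0) return snprintf(out, n, "max");
    return snprintf(out, n, "%ld", mib * 1024 * 1024);
}

// Write one value into a cgroup control file; 0 on success, -1 on error.
static int write_file(const char *path, const char *val) {
    int fd = open(path, O_WRONLY);
    if (fd < 0) return -1;
    ssize_t w = write(fd, val, strlen(val));
    close(fd);
    return w == (ssize_t)strlen(val) ? 0 : -1;
}

// Create /sys/fs/cgroup/<name>, set cpu.max and memory.max, and move pid in.
static int cgroup_apply(const char *name, pid_t pid, int cpu_percent, long mem_mib) {
    char dir[256], path[320], val[64];
    snprintf(dir, sizeof dir, "/sys/fs/cgroup/%s", name);
    if (mkdir(dir, 0755) < 0 && errno != EEXIST) return -1;
    cgroup_cpu_max(cpu_percent, val, sizeof val);
    snprintf(path, sizeof path, "%s/cpu.max", dir);
    if (write_file(path, val) < 0) return -1;
    cgroup_memory_max(mem_mib, val, sizeof val);
    snprintf(path, sizeof path, "%s/memory.max", dir);
    if (write_file(path, val) < 0) return -1;
    snprintf(val, sizeof val, "%d", (int)pid);
    snprintf(path, sizeof path, "%s/cgroup.procs", dir);
    return write_file(path, val);
}

struct child_args { const char *rootfs; const char *hostname; char *const *argv; };

// Runs as PID 1 inside the new namespaces.
static int child_main(void *arg) {
    struct child_args *a = arg;
    // UTS namespace: a hostname change here does not touch the host.
    if (sethostname(a->hostname, strlen(a->hostname)) < 0) { perror("sethostname"); return 1; }
    // Mount namespace: make all mounts private so nothing propagates back.
    if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL) < 0) { perror("mount private"); return 1; }
    // chroot is the minimal filesystem view; it is not a hardened boundary
    // (a process holding CAP_SYS_CHROOT can leave it), which is why real
    // runtimes use pivot_root and drop capabilities before exec.
    if (chroot(a->rootfs) < 0 || chdir("/") < 0) { perror("chroot"); return 1; }
    // PID namespace: a fresh /proc shows only the container's processes.
    if (mount("proc", "/proc", "proc", 0, NULL) < 0) { perror("mount proc"); return 1; }
    execv(a->argv[0], a->argv);
    perror("execv");
    return 1;
}

int main(int argc, char **argv) {
    if (argc < 3) { fprintf(stderr, "usage: %s <rootfs> <cmd> [args...]\n", argv[0]); return 2; }
    struct ns_spec spec = {1, 1, 1, 1};
    struct child_args a = { argv[1], "minibox", argv + 2 };
    static char stack[1 << 16];
    // clone() needs CAP_SYS_ADMIN for these namespace flags.
    pid_t pid = clone(child_main, stack + sizeof stack, ns_clone_flags(&spec), &a);
    if (pid < 0) { perror("clone"); return 1; }
    // Limits are applied from the parent; membership survives the child's exec.
    if (cgroup_apply("minibox", pid, 50, 256) < 0) perror("cgroup_apply");
    int status;
    waitpid(pid, &status, 0);
    return WIFEXITED(status) ? WEXITSTATUS(status) : 1;
}
```

Usage: `sudo ./minibox /path/to/rootfs /bin/sh` drops you into a shell whose `ps` (if the rootfs has one) lists only container processes and whose `hostname` reads `minibox`. The stop and delete steps from the README's lifecycle list are the parent's `waitpid` and an `rmdir` of the cgroup directory once `cgroup.procs` is empty.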
Lessons Learned
Containers are not virtual machines. They are just processes with some kernel-level isolation. Understanding this distinction at the implementation level has made me a far better DevOps engineer.