Cgroups articles

2/12/2019 • EN

Secret Design Docs: Multi-Tenant Orchestrator

A design doc for a secure, multi-tenant container orchestrator to run isolated third-party code, focusing on security layers and OS requirements.

Cgroups Container Orchestration docker Multi Tenancy Security Isolation

Jessie Frazelle

2/26/2018 • EN

Container Runtimes Part 2: Anatomy of a Low-Level Container Runtime

Explains the core functions of low-level container runtimes, focusing on Linux namespaces and cgroups for container isolation and resource management.

Cgroups Container Runtimes Containerization Linux Namespaces Low Level Runtime

Ian Lewis

3/28/2017 • EN

Setting the Record Straight: containers vs. Zones vs. Jails vs. VMs

A technical comparison of container technologies (Linux containers, Solaris Zones, BSD Jails) versus VMs, focusing on design philosophy and flexibility.

Cgroups containers Linux Namespaces Operating Systems virtualization

Jessie Frazelle

5/1/2016 • EN

Getting Towards Real Sandbox Containers

Explores the technical challenges and differences between traditional containers and true sandbox environments, focusing on user namespaces and privilege levels.

Cgroups Linux Containers sandboxing Seccomp User Namespaces

Jessie Frazelle