Containers from Scratch

Avishai Ish-Shalom, Aleph VC, and Nati Cohen, Here Technologies


Docker is very popular these days, but how many of us are really familiar with the basic building blocks of Linux containers and their implications? What's missing in the good ol’ chroot jails? What are the available Copy-on-Write options and what are their pros and cons? Which syscalls allow us to manipulate Linux namespaces and what are their limitations? How do resource limits actually work? What different behaviours do containers and VMs have?

In this hands-on workshop, we will build a small Docker-like tool from O/S level primitives in order to learn how Docker and containers actually work. Starting from a regular process, we will gradually isolate and constrain it until we have a (nearly) full container solution, pausing after each step to learn how our new constraints behave.

Pre-Reading List:

Prerequisites, Skills, and Tools:

Basic knowledge of Python or C, good knowledge of Linux.

Avishai Ish-Shalom, Aleph VC

Avishai is a veteran operations and software engineer with years of high scale production experience. After spending many years in startup and web companies, Avishai now serves as Engineer in Residence in Aleph VC fund. In his spare time, Avishai is spreading weird ideas and conspiracy theories like DevOps and Operations Engineering.

@conference {212981,
author = {Avishai Ish-Shalom},
title = {Containers from Scratch},
year = {2018},
address = {Santa Clara, CA},
publisher = {USENIX Association},
month = mar