Oliver Seitz

Docker exec without Docker

What if you could `exec` into a container without the Docker daemon? This talk reveals the Linux kernel features that make it possible.

Docker exec without Docker
#1about 1 minute

Understanding how the docker exec command really works

The talk explores what happens under the hood when you run `docker exec` and demonstrates how to achieve the same result without using Docker.

#2about 1 minute

Deconstructing the Docker stack to its Linux primitives

Docker is built on top of lower-level components like containerD and runC, which ultimately rely on core Linux kernel features like Cgroups and namespaces.

#3about 3 minutes

Limiting container resources using Linux Cgroups

Cgroups are a Linux kernel feature used to limit and account for resource usage, such as CPU, memory, process IDs, and I/O for a collection of processes.

#4about 4 minutes

A live demo of limiting process CPU with Cgroups

A practical demonstration shows how to create a new Cgroup, define a CPU usage limit in the `cpu.max` file, and assign a running process to it.

#5about 6 minutes

Isolating processes from each other using Linux namespaces

Namespaces provide process isolation by virtualizing system resources like network interfaces, mount points, process IDs, and user IDs for each container.

#6about 9 minutes

Replicating `docker exec` with the `nsenter` command

By finding a container's process ID on the host, you can use the `nsenter` command to enter all of its namespaces and gain a shell inside the container without using Docker.

#7about 3 minutes

Key takeaways and advice for deeper technical understanding

A summary of how Cgroups and namespaces power containers is followed by advice for developers to dig deeper into technologies, focus on one topic at a time, and share their knowledge.

Related jobs
Jobs that call for the skills explored in this talk.

test

Milly

Milly
Vienna, Austria

Intermediate
.NET
TypeScript
+1

test

Milly

Milly
Vienna, Austria

Intermediate
.NET
TypeScript
+1

d

Saby Company

Saby Company
Delebio, Italy

Junior
Java
Node.js

Matching moments

How container isolation works in the Linux kernel
07:05 MIN

How container isolation works in the Linux kernel

Kubernetes Security - Challenge and Opportunity

Understanding Docker fundamentals for application deployment
07:06 MIN

Understanding Docker fundamentals for application deployment

Rust and Docker: Let's build an AI-powered app!

Understanding container isolation with namespaces and cgroups
01:59 MIN

Understanding container isolation with namespaces and cgroups

Docker network without Docker

Exploring the Docker ecosystem and image layers
07:11 MIN

Exploring the Docker ecosystem and image layers

Database DevOps with Containers

Introducing bootable containers and the CNCF donation
02:31 MIN

Introducing bootable containers and the CNCF donation

Bootable AI Containers with Podman Desktop

Why the creator of Docker is interested in WebAssembly
02:20 MIN

Why the creator of Docker is interested in WebAssembly

WebAssembly: The Next Frontier of Cloud Computing

Why Dockerfile security is a critical foundation
01:35 MIN

Why Dockerfile security is a critical foundation

A practical guide to writing secure Dockerfiles

Using containers to improve security and deployment
02:35 MIN

Using containers to improve security and deployment

DevSecOps: Security in DevOps

Featured Partners

Related Videos

See all videos
Docker network without Docker28:26

Docker network without Docker

Oliver Seitz

Turning Container security up to 11 with Capabilities28:47

Turning Container security up to 11 with Capabilities

Mathias Tausig

Kubernetes Security - Challenge and Opportunity42:45

Kubernetes Security - Challenge and Opportunity

Marc Nimmerrichter

This Is Not Your Father's .NET27:55

This Is Not Your Father's .NET

Don Schenck

Local Development Techniques with Kubernetes40:00

Local Development Techniques with Kubernetes

Rob Richardson

All things Docker Compose!28:30

All things Docker Compose!

Michael Irwin

Bootable AI Containers with Podman Desktop29:19

Bootable AI Containers with Podman Desktop

Kevin Dubois & Cedric Clyburn

Containers and Kubernetes made easy: Deep dive into Podman Desktop and new AI capabilities32:19

Containers and Kubernetes made easy: Deep dive into Podman Desktop and new AI capabilities

Stevan Le Meur

Related Articles

View all articles
CH
Chris Heilmann
All the videos of Halfstack London 2024!
Last month was Halfstack London, a conference about the web, JavaScript and half a dozen other things. We were there to deliver a talk, but also to record all the sessions and we're happy to share them with you. It took a bit as we had to wait for th...
All the videos of Halfstack London 2024!
DC
Daniel Cranney
Building AI Solutions with Rust and Docker
In recent years, artificial intelligence has surged in popularity in the world of development. While Python remains a popular choice in the realm of AI, Rust - often known as Rust Lang - is quickly emerging as a formidable alternative.Rust programmin...
Building AI Solutions with Rust and Docker
Learning Kubernetes made easy with KubeCampus
Learning to use Kubernetes? KubeCampus by Kasten offers free educational content for all skill levels to get you started!Kubernetes is an open-source system for deploying, scaling and managing containerized applications. It allows you to deploy your ...
Learning Kubernetes made easy with KubeCampus

From learning to earning

Jobs that call for the skills explored in this talk.

Full-Stack Developer

Full-Stack Developer

Friedrich Kicherer GmbH & Co. KG
Ellwangen (Jagst), Germany

Junior
Intermediate
Senior
GIT
Docker
JavaScript