What does chroot do in docker?
In docker, chroot is an operation in Unix and Linux systems. For the running software process and its sub-processes, changing its explicit root directory can change the root directory of a process, so that This program cannot access other directories outside the directory.
The operating environment of this tutorial: linux7.3 system, docker-1.13.1 version, Dell G3 computer.
What does chroot do in docker
chroot
Container technology has emerged since the first advent of chroot in 1979.
Wikipedia defines chroot as follows:
is an operation in Unix and Linux systems to change the apparent root directory of a running software process and its child processes. A program running in this environment and setting the root directory through chroot cannot access files outside the specified root directory, cannot read them, and cannot change its contents.
In layman's terms, chroot can change the root directory of a process so that the program cannot access other directories outside the directory. This is very similar to what we do in a container. Below we use an example to demonstrate chroot.
chroot example description:
1), mkdir rootfs
#Create a directory named: rootfs in the current directory
2), cd rootfs
#Enter the directory name: rootfs directory
3), docker export $(docker create docker101tutorial) -o docker101tutorial.tar
#Name the container: The file system of docker101tutorial is exported to docker101tutorial.tar as a docker101tutorial.tar archive file and saved
#It can also be simply understood as creating some directories and placing some binary files under rootfs
4), tar -xf docker101tutorial.tar
#Extract the contents of the docker101tutorial.tar file
5), ls
#View the file contents in the current rootfs directory
6), chroot /Users/xiaoqin.wu/rootfs /bin/sh
#Start a sh process, and use /Users/xiaoqin.wu/rootfs as the root directory of the sh process
Compare the result of command 5 in the above picture: ls to view the file contents in the /Users/xiaoqin.wu/rootfs directory and the result of using it in the sh process Command 7: The results of ls checking the current process are consistent. At this point, it means that the current process and the host are isolated using chroot. A directory isolation container is completed, but it cannot be called a container yet.
The reasons are as follows:
Use command 8: netstat -nr to view routing information
It is found from the results that the network information is not isolated. In fact, process and other information are not isolated at this time. To implement a complete container, three other Linux technologies are needed to achieve it, namely:
Namespace
Cgroup
United File System
Recommended learning: "docker video tutorial"
The above is the detailed content of What does chroot do in docker?. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1662
14
1419
52
1311
25
1262
29
1234
24
How to exit the container by docker
Apr 15, 2025 pm 12:15 PM
Four ways to exit Docker container: Use Ctrl D in the container terminal Enter exit command in the container terminal Use docker stop <container_name> Command Use docker kill <container_name> command in the host terminal (force exit)
How to copy files in docker to outside
Apr 15, 2025 pm 12:12 PM
Methods for copying files to external hosts in Docker: Use the docker cp command: Execute docker cp [Options] <Container Path> <Host Path>. Using data volumes: Create a directory on the host, and use the -v parameter to mount the directory into the container when creating the container to achieve bidirectional file synchronization.
How to start containers by docker
Apr 15, 2025 pm 12:27 PM
Docker container startup steps: Pull the container image: Run "docker pull [mirror name]". Create a container: Use "docker create [options] [mirror name] [commands and parameters]". Start the container: Execute "docker start [Container name or ID]". Check container status: Verify that the container is running with "docker ps".
How to restart docker
Apr 15, 2025 pm 12:06 PM
How to restart the Docker container: get the container ID (docker ps); stop the container (docker stop <container_id>); start the container (docker start <container_id>); verify that the restart is successful (docker ps). Other methods: Docker Compose (docker-compose restart) or Docker API (see Docker documentation).
How to check the name of the docker container
Apr 15, 2025 pm 12:21 PM
You can query the Docker container name by following the steps: List all containers (docker ps). Filter the container list (using the grep command). Gets the container name (located in the "NAMES" column).
How to start mysql by docker
Apr 15, 2025 pm 12:09 PM
The process of starting MySQL in Docker consists of the following steps: Pull the MySQL image to create and start the container, set the root user password, and map the port verification connection Create the database and the user grants all permissions to the database
How to create containers for docker
Apr 15, 2025 pm 12:18 PM
Create a container in Docker: 1. Pull the image: docker pull [mirror name] 2. Create a container: docker run [Options] [mirror name] [Command] 3. Start the container: docker start [Container name]
How to update the image of docker
Apr 15, 2025 pm 12:03 PM
The steps to update a Docker image are as follows: Pull the latest image tag New image Delete the old image for a specific tag (optional) Restart the container (if needed)
