What Docker cannot isolate
Docker cannot isolate "hard disk I/O reading and writing", but it can isolate the file system, the network, inter-process communication, the users and user groups used for permissions, the PIDs of processes (kept separate from the host's PIDs), and the host name and domain name.
The operating environment of this tutorial: Linux 5.9.8 system, Docker 1.13.1, Dell G3 computer.
Docker can control many resources, but currently it cannot isolate "hard disk I/O read and write" resources.
Hard disk I/O refers to the input and output of the hard disk (I/O is the abbreviation of Input and Output): an instruction is issued to read or write the contents of certain sectors on the disk. The command generally gives the disk the starting sector position, the number of consecutive sectors to process from that starting sector, and whether the action is a read or a write.
For disk I/O resources, the parameters to consider are capacity and read/write speed, so disk restrictions on containers should also be based on these two dimensions. Currently, Docker supports limiting the read and write speed of the disk, but there is no way to limit the disk capacity that a container can use (once the disk is mounted into the container, the container can use all the capacity of the disk).
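Both dimensions can be checked per container from `docker inspect` output. This is an added example, not code from the original article: it runs over constructed sample JSON and assumes the `HostConfig.BlkioDeviceReadBps` and `HostConfig.BlkioDeviceWriteBps` fields, which hold the speed limits set with `--device-read-bps` and `--device-write-bps`; the container names and paths are made up.

```python
import json

# Constructed `docker inspect` output for two containers (sample data only).
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/web",
   "HostConfig": {"BlkioDeviceReadBps": [{"Path": "/dev/sda", "Rate": 10485760}],
                  "BlkioDeviceWriteBps": [{"Path": "/dev/sda", "Rate": 5242880}]},
   "Mounts": []},
  {"Name": "/batch",
   "HostConfig": {"BlkioDeviceReadBps": null, "BlkioDeviceWriteBps": null},
   "Mounts": [{"Type": "bind", "Source": "/data", "Destination": "/data", "RW": true}]}
]
""")

def disk_findings(container):
    """Return the disk-related gaps for one `docker inspect` entry."""
    host_config = container.get("HostConfig") or {}
    findings = []
    for key, direction in (("BlkioDeviceReadBps", "read"),
                           ("BlkioDeviceWriteBps", "write")):
        # The field is null or an empty list when no throttle was configured.
        if not host_config.get(key):
            findings.append(f"no {direction} speed limit")
    for mount in container.get("Mounts") or []:
        # Speed can be throttled, capacity cannot: a writable mount can fill the disk.
        if mount.get("RW"):
            findings.append(f"writable mount {mount.get('Source')} has no capacity limit")
    return findings

def audit(containers):
    """Map container name -> findings, keeping only containers with gaps."""
    report = {}
    for container in containers:
        findings = disk_findings(container)
        if findings:
            report[container["Name"].lstrip("/")] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, "->", "; ".join(findings))
```

On a real host the input would be the parsed output of `docker inspect` for the running containers instead of `SAMPLE_INSPECT`.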
So what resources can docker isolate?
Docker implements resource isolation through namespaces, resource limitation through cgroups, and efficient file operations through a *copy-on-write mechanism*.
What namespaces can isolate
For a container not to interfere with other containers, the following must hold:
The file system needs to be isolated
The network also needs to be isolated
The communication between processes must also be isolated
For permissions, users and user groups also need to be isolated
The PIDs of processes in the container also need to be isolated from the PIDs on the host
Containers must also have their own host names
With the above isolation, we believe that a container can be isolated from the host and other containers.
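Each requirement in the list above corresponds to one Linux namespace type, and a process's namespaces are visible as links under `/proc/<pid>/ns/`. The following added example (not part of the original article) compares a host process with a container process and lists the requirements that are not actually isolated; the namespace IDs are constructed and model a container started with `--net=host` and without user-namespace remapping.

```python
import os

# Namespace type -> the isolation requirement from the list above.
NAMESPACES = {
    "mnt": "file system",
    "net": "network",
    "ipc": "inter-process communication",
    "user": "users and user groups",
    "pid": "process IDs",
    "uts": "host name and domain name",
}

def read_namespaces(pid):
    """Namespace IDs of a live process, e.g. 'net:[4026531992]' (Linux only,
    needs permission to inspect the target process)."""
    return {ns: os.readlink(f"/proc/{pid}/ns/{ns}") for ns in NAMESPACES}

def not_isolated(host_ns, container_ns):
    """Requirements whose namespace ID is identical on both sides, i.e. shared."""
    return [what for ns, what in NAMESPACES.items()
            if host_ns[ns] == container_ns[ns]]

# Constructed sample IDs (not captured from a real system).
HOST = {"mnt": "mnt:[4026531840]", "net": "net:[4026531992]",
        "ipc": "ipc:[4026531839]", "user": "user:[4026531837]",
        "pid": "pid:[4026531836]", "uts": "uts:[4026531838]"}
# Container modelled as started with --net=host and no user-namespace remapping,
# so its net and user namespaces are the host's own.
CONTAINER = {"mnt": "mnt:[4026532281]", "net": HOST["net"],
             "ipc": "ipc:[4026532283]", "user": HOST["user"],
             "pid": "pid:[4026532284]", "uts": "uts:[4026532282]"}

if __name__ == "__main__":
    # On a real host: not_isolated(read_namespaces(1), read_namespaces(container_pid))
    for what in not_isolated(HOST, CONTAINER):
        print("shared with host:", what)
```

A requirement reported here means the container sees the host's own instance of that resource, so the isolation described in the list does not apply to it.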