- Containers in OpenStack
- Pradeep Kumar Singh Madhuri Kumari
- 2021-07-02 21:17:22
Container components
Linux containers typically consist of five major components:
- Kernel namespaces: Namespaces are the major building blocks of Linux containers. They isolate various types of Linux resources such as the network, processes, users, and the filesystem into different groups. This allows different groups of processes to have completely independent views of their resources. Other resources that can be segregated include the process ID space, the IPC space, and semaphore space.
- Control groups: Control groups, also known as cgroups, limit and account for different types of resource usage such as CPU, memory, disk I/O, network I/O, and so on, across a group of processes. They help prevent one container from suffering resource starvation or contention caused by another container, and thereby maintain QoS.
- Security: Security in containers is provided via the following components:
- Root capabilities: This will help in enforcing namespaces in so-called privileged containers by reducing the power of root, in some cases to no power at all.
- Discretionary Access Control (DAC): It mediates access to resources based on user-applied policies so that individual containers can't interfere with each other and can be run by non-root users securely.
- Mandatory Access Controls (MAC): Mandatory Access Controls (MAC), such as AppArmor and SELinux, are not required for creating containers, but are often a key element to their security. MAC ensures that neither the container code itself nor the code running in the containers has a greater degree of access than the process itself requires. This way, it minimizes the privileges granted to rogue or compromised processes.
- Toolsets: Above the host kernel lie user-space toolsets such as LXD, Docker, and other libraries, which help in managing containers:
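The three kernel mechanisms listed above (namespaces, cgroups, and root capabilities) can all be observed from inside a running container through `/proc`. The following script is an added example, not code from the book or from any of the toolsets it names: it decodes the `CapEff` capability mask from a `/proc/<pid>/status` file into capability names, flags capabilities that would let a process reconfigure the isolation the page describes, reads cgroup v2 `cpu.max` and `memory.max` limits, and compares the namespace identifiers of two processes. The capability number table is the standard Linux one; the sample status texts, the watch-list of risky capabilities, and the hypothetical `report()` helper are constructed for this example. The first sample's `CapEff` value `00000000a80425fb` decodes to the 14-capability default set that Docker grants an unprivileged container.

```python
"""Inspect namespaces, cgroup limits and root capabilities from /proc (added example)."""
import os
import re
from typing import Optional

# Linux capability names, indexed by capability number (bit position in CapEff).
CAP_NAMES = [
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER", "CAP_FSETID",
    "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP", "CAP_LINUX_IMMUTABLE",
    "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST", "CAP_NET_ADMIN", "CAP_NET_RAW",
    "CAP_IPC_LOCK", "CAP_IPC_OWNER", "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT",
    "CAP_SYS_PTRACE", "CAP_SYS_PACCT", "CAP_SYS_ADMIN", "CAP_SYS_BOOT", "CAP_SYS_NICE",
    "CAP_SYS_RESOURCE", "CAP_SYS_TIME", "CAP_SYS_TTY_CONFIG", "CAP_MKNOD", "CAP_LEASE",
    "CAP_AUDIT_WRITE", "CAP_AUDIT_CONTROL", "CAP_SETFCAP", "CAP_MAC_OVERRIDE",
    "CAP_MAC_ADMIN", "CAP_SYSLOG", "CAP_WAKE_ALARM", "CAP_BLOCK_SUSPEND",
    "CAP_AUDIT_READ", "CAP_PERFMON", "CAP_BPF", "CAP_CHECKPOINT_RESTORE",
]

# Constructed watch-list: capabilities that let a process mount filesystems, enter or
# create namespaces, inspect other processes, load kernel code or bypass file permissions.
RISKY_CAPS = {"CAP_SYS_ADMIN", "CAP_SYS_PTRACE", "CAP_SYS_MODULE", "CAP_NET_ADMIN",
              "CAP_DAC_READ_SEARCH", "CAP_SYS_RAWIO", "CAP_MAC_ADMIN", "CAP_MAC_OVERRIDE"}

# Namespace types exposed under /proc/<pid>/ns on current kernels.
NS_NAMES = ("cgroup", "ipc", "mnt", "net", "pid", "time", "user", "uts")

# Constructed sample /proc/<pid>/status excerpts: a restricted container process and
# a "privileged" one that kept every capability.
SAMPLE_STATUS_RESTRICTED = "Name:\tsh\nUid:\t0\t0\t0\t0\nCapPrm:\t00000000a80425fb\nCapEff:\t00000000a80425fb\n"
SAMPLE_STATUS_PRIVILEGED = "Name:\tsh\nUid:\t0\t0\t0\t0\nCapPrm:\t000001ffffffffff\nCapEff:\t000001ffffffffff\n"


def decode_capmask(hexmask: str) -> set:
    """Turn a hex capability mask (as printed in /proc/<pid>/status) into capability names."""
    value = int(hexmask, 16)
    names = set()
    for bit in range(value.bit_length()):
        if (value >> bit) & 1:
            names.add(CAP_NAMES[bit] if bit < len(CAP_NAMES) else f"CAP_UNKNOWN_{bit}")
    return names


def capeff_from_status(status_text: str) -> str:
    """Extract the effective capability mask from a status file's text."""
    match = re.search(r"^CapEff:\s*([0-9a-fA-F]+)", status_text, re.MULTILINE)
    if match is None:
        raise ValueError("no CapEff line in status text")
    return match.group(1)


def risky_caps(status_text: str) -> set:
    """Capabilities on the watch-list that the process actually holds."""
    return decode_capmask(capeff_from_status(status_text)) & RISKY_CAPS


def cpu_limit_cores(cpu_max: str) -> Optional[float]:
    """Parse cgroup v2 cpu.max ('max 100000' or '50000 100000') into a CPU share, None if unlimited."""
    quota, period = cpu_max.split()
    return None if quota == "max" else int(quota) / int(period)


def memory_limit_bytes(memory_max: str) -> Optional[int]:
    """Parse cgroup v2 memory.max ('max' or a byte count), None if unlimited."""
    text = memory_max.strip()
    return None if text == "max" else int(text)


def namespace_ids(pid: str = "self") -> dict:
    """Map namespace type -> 'type:[inode]' link target for a live process (Linux only)."""
    ids = {}
    for name in NS_NAMES:
        try:
            ids[name] = os.readlink(f"/proc/{pid}/ns/{name}")
        except OSError:
            continue  # namespace type not supported on this kernel, or no permission
    return ids


def shared_namespaces(a: dict, b: dict) -> set:
    """Namespace types where two processes point at the same kernel namespace object."""
    return {name for name in a if name in b and a[name] == b[name]}


def report() -> None:
    """Hypothetical helper: print what the current process can see on a Linux host."""
    try:
        with open("/proc/self/status") as fh:
            status = fh.read()
    except OSError:
        print("no /proc/self/status (not Linux?)")
        return
    print("effective capabilities:", sorted(decode_capmask(capeff_from_status(status))))
    print("risky capabilities held:", sorted(risky_caps(status)))
    print("namespaces shared with PID 1:", sorted(shared_namespaces(namespace_ids(), namespace_ids("1"))))


if __name__ == "__main__":
    report()
```

A full set of namespaces shared with PID 1 means the process is not in a container at all (or is running with `--pid=host`-style settings), an empty `risky_caps()` result shows the root-capability reduction the page describes, and `cpu_limit_cores()` returning `None` means the cgroup is not enforcing a CPU ceiling.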