What is Docker?
What is Docker, what is chroot, and what are their uses and differences?
Docker is an open-source platform that automates the deployment, scaling, and management of applications using containerization. Containers are lightweight, standalone, and executable software packages that include everything needed to run an application: code, runtime, system tools, libraries, and settings. This ensures consistency across multiple environments, from development to production.
Linux/Unix has had a similar technology for years called chroot, which operates on a similar principle of application isolation: it changes the perceived root of an application process and its child processes to a folder separate from the root of the operating system.
While chroot provides isolation, it has its limitations. Processes with root privileges inside a chroot can potentially escape isolation if the environment is not carefully configured. Also, chroot doesn't restrict access to system resources like networking or process management, which means that an isolated application process might still be able to interact with other parts of the system.
chroot still has its uses despite these caveats.
Common Uses of chroot
- System Recovery: In situations where a system becomes unbootable due to configuration errors or corrupted files, administrators can boot from a live CD or USB, mount the system's filesystem, and use chroot to access and repair the damaged environment.
- Testing and Development: Developers can create isolated environments using chroot to test software without affecting the host system. This ensures that any changes or potential issues remain confined within the chroot jail.
- Dependency Management: By setting up a chroot environment with specific libraries and dependencies, developers can test how their applications perform in different setups, ensuring compatibility and stability across various configurations.
- Running Legacy Software: Older applications that require outdated libraries can be run within a chroot environment tailored to include those specific dependencies, without interfering with the host system's modern libraries.
Docker, on the other hand, expands on the concept of application/process isolation by providing a suite of utilities that improve on the idea. We refer to this as application containerization. Docker uses Linux namespaces and control groups to provide a more isolated process environment, rather than only changing the process's root filesystem. This provides the Docker container with completely separate filesystems, process trees, resource limitations and networking stacks.
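The difference between a chroot jail and a namespaced container can be checked from the host. The following is an added example, not code from the original post: it compares a process's /proc/<pid>/root and /proc/<pid>/ns links with those of PID 1. The function names, the /srv/jail path and all namespace IDs are illustrative, constructed values.

```python
import os

# Namespace types exposed as symlinks under /proc/<pid>/ns on Linux.
NS_TYPES = ("mnt", "pid", "net", "ipc", "uts", "user", "cgroup")

def read_view(pid):
    """Root directory and namespace IDs of a process, read from /proc.
    Inspecting other users' processes needs root; unreadable links become None."""
    def link(path):
        try:
            return os.readlink(path)
        except OSError:
            return None
    view = {"root": link(f"/proc/{pid}/root")}
    view.update({ns: link(f"/proc/{pid}/ns/{ns}") for ns in NS_TYPES})
    return view

def classify(host, proc):
    """Compare a process view with the host (PID 1) view."""
    known = [ns for ns in NS_TYPES if host.get(ns) and proc.get(ns)]
    private = [ns for ns in known if proc[ns] != host[ns]]
    shared = [ns for ns in known if proc[ns] == host[ns]]
    if private:
        kind = "namespaced"      # container-style isolation
    elif proc.get("root") not in (None, "/"):
        kind = "chroot-only"     # new root, but host network, process tree and IPC
    else:
        kind = "host"
    return {"kind": kind, "private": private, "shared": shared}

def _view(root, base, **override):
    # Builds constructed sample data: every namespace gets ID `base` unless overridden.
    return {"root": root, **{ns: f"{ns}:[{override.get(ns, base)}]" for ns in NS_TYPES}}

# Constructed sample views (not captured from a real system).
HOST = _view("/", 4026531840)
JAILED = _view("/srv/jail", 4026531840)
CONTAINER = _view("/", 4026531840, mnt=4026532501, pid=4026532504,
                  net=4026532506, ipc=4026532503, uts=4026532502, cgroup=4026532505)

if __name__ == "__main__":
    for name, view in (("jailed", JAILED), ("container", CONTAINER)):
        print(name, classify(HOST, view))
    print("self vs PID 1:", classify(read_view(1), read_view(os.getpid())))
```

A process reported as chroot-only shares every namespace with the host, so it still sees the host's network interfaces and process tree, which is the limitation described earlier.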
Docker was designed to combat the issues and confusion of IWOMM (It works on my machine): following a set of instructions to install and set up an application environment, only for it not to work. This can be caused by a whole host of variables, including OS versions, software versions, or missing files, instructions, etc.
This provides a way for a developer to build a working application, with all its dependencies, and then allow anyone to pull that container to their server or system and run it without the fear of the application not working, or the hassle of building the application on the user's side.
Docker uses a Dockerfile, a set of instructions that the Docker software follows to build and install the application, its requirements, and additional software into an application container. This container is now a self-contained application. It is then exported to a container registry, and can be downloaded to a user's machine and run as an application on its own.
Application containers differ from Linux/OS containers (LXC/LXD) and VMs (virtual machines) in many ways. I will explore these differences in another post.