Docker Isolation: Difference between revisions
Jump to navigation
Jump to search
(Created page with "Docker has its own filesystem namespace, process namespace, network namespace, and its own apps. You cannot see filesystem of host inside a container. You can mount host filesystem, and can don't read only as well. To mount, Run -v hostfilesys : dockerfilesys") |
No edit summary |
||
| Line 6: | Line 6: | ||
Run -v hostfilesys : dockerfilesys | Run -v hostfilesys : dockerfilesys | ||
More precisely: | |||
Docker containers run with their own filesystem namespace, process namespace, network namespace, and their own software environment. By default a container cannot see the host filesystem. A host directory can be made visible inside the container using a mount such as docker run -v host_directory:container_directory, optionally with :ro to make it read-only | |||
Latest revision as of 23:01, 8 March 2026
Docker has its own filesystem namespace, process namespace, network namespace, and its own apps.
You cannot see filesystem of host inside a container. You can mount host filesystem, and can don't read only as well.
To mount,
Run -v hostfilesys : dockerfilesys
More precisely:
Docker containers run with their own filesystem namespace, process namespace, network namespace, and their own software environment. By default a container cannot see the host filesystem. A host directory can be made visible inside the container using a mount such as docker run -v host_directory:container_directory, optionally with :ro to make it read-only