Docker Isolation

From Open Source Ecology
Revision as of 23:01, 8 March 2026 by Marcin (talk | contribs)

A Docker container has its own filesystem namespace, process namespace, network namespace, and its own apps.

You cannot see the host's filesystem from inside a container. You can mount a host filesystem into the container, and you can mount it read-only as well.

To mount, run:

docker run -v hostfilesys:dockerfilesys

More precisely:

Docker containers run with their own filesystem namespace, process namespace, network namespace, and their own software environment. By default a container cannot see the host filesystem. A host directory can be made visible inside the container using a mount such as docker run -v host_directory:container_directory, optionally with :ro to make it read-only.
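To check which host directories running containers can actually see, and whether each was mounted with :ro, the Mounts section of docker inspect output can be audited. The script below is an added example, not part of the original wiki page; the sample JSON is constructed (container names and paths are made up) and trimmed to the Type, Source, Destination and RW fields that docker inspect reports for each mount.

```python
import json

# Constructed sample shaped like `docker inspect <container>...` output,
# trimmed to the fields used here. Names and paths are made up.
SAMPLE_INSPECT = """
[
  {"Name": "/web",
   "Mounts": [
     {"Type": "bind", "Source": "/srv/site",
      "Destination": "/usr/share/nginx/html", "Mode": "ro", "RW": false},
     {"Type": "volume", "Name": "cache",
      "Source": "/var/lib/docker/volumes/cache/_data",
      "Destination": "/cache", "Mode": "", "RW": true}
   ]},
  {"Name": "/builder",
   "Mounts": [
     {"Type": "bind", "Source": "/home/user/project",
      "Destination": "/work", "Mode": "", "RW": true}
   ]},
  {"Name": "/isolated", "Mounts": []}
]
"""

def host_mounts(inspect_json):
    """Return one record per host directory bind-mounted into a container."""
    records = []
    for container in json.loads(inspect_json):
        name = container.get("Name", "").lstrip("/")
        for m in container.get("Mounts") or []:
            if m.get("Type") != "bind":
                continue  # named volumes are Docker-managed, not a host_dir mount
            records.append({
                "container": name,
                "host_path": m["Source"],
                "container_path": m["Destination"],
                # RW is false when the mount was given with :ro
                "read_only": not m.get("RW", True),
            })
    return records

def writable_host_mounts(inspect_json):
    """Host directories a container can modify (mounted without :ro)."""
    return [r for r in host_mounts(inspect_json) if not r["read_only"]]

if __name__ == "__main__":
    for r in host_mounts(SAMPLE_INSPECT):
        mode = "ro" if r["read_only"] else "rw"
        print(f'{r["container"]}: {r["host_path"]} -> {r["container_path"]} ({mode})')
```

On a real host, feed it the output of docker inspect for the containers of interest instead of SAMPLE_INSPECT.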