Docker Isolation

From Open Source Ecology

A Docker container has its own filesystem namespace, process namespace, network namespace, and its own apps.

You cannot see the host's filesystem from inside a container. You can mount a host filesystem into the container, and can do so read-only as well.

To mount, run:

docker run -v hostfilesys:dockerfilesys

More precisely:

Docker containers run with their own filesystem namespace, process namespace, network namespace, and their own software environment. By default a container cannot see the host filesystem. A host directory can be made visible inside the container using a mount such as docker run -v host_directory:container_directory, optionally with :ro to make it read-only.
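
Because a -v mount is writable unless :ro is given, it helps to check which host directories a docker run command line exposes read-write. The script below is an added example, not part of the original page: the function names are hypothetical, the sample arguments are constructed, and it assumes Linux-style absolute host paths.

```shell
#!/bin/sh
# Added example: audit the -v/--volume arguments of a `docker run` command line.

# classify_volume SPEC -> prints "<kind> <mode> <source>"
classify_volume() {
    spec=$1
    case $spec in
        *:*) ;;                                  # source:target[:options]
        *)   echo "anonymous rw -"; return ;;    # "-v /data": no host path involved
    esac
    src=${spec%%:*}                              # text before the first colon
    rest=${spec#*:}                              # target[:options]
    case $rest in
        *:*) opts=${rest#*:} ;;                  # comma-separated options, e.g. "ro,z"
        *)   opts= ;;
    esac
    mode=rw                                      # default when :ro is absent
    case ",$opts," in *,ro,*) mode=ro ;; esac
    case $src in
        /*) kind=bind ;;                         # absolute path: host directory
        *)  kind=volume ;;                       # otherwise a named volume
    esac
    echo "$kind $mode $src"
}

# writable_host_mounts ARGS... -> one host path per line for each read-write bind mount
writable_host_mounts() {
    while [ $# -gt 0 ]; do
        case $1 in
            -v|--volume) [ $# -ge 2 ] || break; vspec=$2; shift ;;
            --volume=*)  vspec=${1#--volume=} ;;
            *)           shift; continue ;;
        esac
        shift
        result=$(classify_volume "$vspec")
        case $result in
            "bind rw "*) echo "${result#bind rw }" ;;
        esac
    done
}

# Constructed sample command line: only /srv/data is reported.
writable_host_mounts run --rm -v /srv/data:/data -v /etc:/host-etc:ro alpine sh
```

Each path it prints is a host directory that the container can modify; appending :ro to that mount removes it from the output.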