What kernel features enable containers?
Namespaces, Cgroups, Capabilities, Seccomp, and AppArmor/SELinux.
What are namespaces used for?
Isolate system resources such as process IDs, mount points, network interfaces, and hostnames.
List the main types of Linux namespaces.
PID, Mount, UTS, IPC, User, Network, and Time namespaces.
What is a PID namespace?
Isolates process IDs so each container has its own PID 1 and process tree.
What is a mount namespace?
Isolates filesystem mount points, allowing different views of the filesystem.
What is a user namespace?
Allows a process to have root privileges inside a namespace without root access on the host.
What is a network namespace?
Provides each container with isolated network interfaces, IP tables, and routing tables.
What command lets you enter another process’s namespace?
nsenter -t <PID> -n -p</PID>
What are cgroups used for?
Limit, account for, and isolate resource usage (CPU, memory, I/O) among process groups.
What command shows a process’s cgroup membership?
cat /proc/<PID>/cgroup</PID>
What are Linux capabilities?
Fine-grained privileges split from root to limit what processes can do.
What does seccomp do?
Restricts system calls a process can make to reduce kernel attack surface.
What is AppArmor or SELinux used for?
Provides mandatory access control for confinement of processes and files.
What is containerd?
A container runtime that manages container lifecycle and image execution.
What is the difference between Docker and containerd?
Docker uses containerd under the hood as its container runtime.
What is virtualization?
The creation of virtual instances of computing resources, such as VMs running their own OS.
What is a hypervisor?
Software that creates and runs virtual machines.
What is a Type 1 hypervisor?
Runs directly on hardware (e.g., VMware ESXi, Xen, Hyper-V).
What is a Type 2 hypervisor?
Runs as an application on top of a host OS (e.g., VirtualBox, VMware Workstation).
What is memory virtualization?
Maps guest virtual addresses to host physical memory using page tables.
What are shadow page tables?
Used by hypervisors to translate guest virtual to host physical addresses efficiently.
How do containers differ from virtual machines?
Containers share the host kernel, while VMs emulate hardware and run their own kernels.
Which has stronger isolation: containers or VMs?
VMs, since each has its own kernel and hardware virtualization boundary.
Which has better performance and density: containers or VMs?
Containers — they are lightweight and have minimal overhead.
