Control Groups and Capabilities

Explore how Docker uses Linux control groups (cgroups) to limit container resource usage, and Linux capabilities to assign precise permissions. Understand how the principle of least privilege secures containers by running them with only the rights they need, which helps prevent resource abuse and enhances security.

Control groups

If namespaces are about isolation, control groups (cgroups) are about limits.

Think of containers as similar to rooms in a hotel. While each room might appear to be isolated, they actually share many things, such as water, electricity, air conditioning, a swimming pool, a gym, elevators, a breakfast bar, and more. Containers are similar—even though they’re isolated, they share many common resources, such as the host’s CPU, RAM, network I/O, and disk I/O. ...