Re: Container == process

A chroot is simply changing the root filesystem for the process (shell) that you are running. A container is a process that runs child processes with a different root filesystem and limits access to system calls and resources based on dynamic criteria. Nothing more, nothing less. It's similar in nature to a debugger really. The trick for "containing stuff" is mimicking the system calls without allowing the process to escape and perform functions that will expose global resources.

In FreeBSD ALL processes run in Jails. The main process runs in Jail 0.

