
Build Containers From Scratch in Go
In the last few years, the use of containers has increased significantly. The concept of containers has been around for several years, but it was Docker’s easy-to-use command line that started to popularize containers among developers in 2013.
In this series, I am trying to demonstrate how containers work underneath and how I developed vessel.
What is vessel?
vessel is an educational project of mine that implements a tiny version of Docker to manage containers. It uses neither containerd nor runc; instead, it relies on a set of Linux features to create containers.
vessel is neither production-ready nor well-tested software. It’s just a simple project to learn more about containers.
Let’s start: reading about Docker!
I found it useful to take a look at the Docker docs and gain insight into containers first, before starting to code.
According to its documentation, Docker takes advantage of several features of the Linux kernel and combines them into a wrapper called a container format. Those features are:
- Namespaces
- Control groups
- Union file systems
Now let’s go through the above list and briefly understand what each item is.
What is a Namespace!?
Linux namespaces are the underlying technology behind most modern container implementations. Namespaces determine a process’s awareness of what else is running around it. They allow global system resources to be isolated within a group of processes. The network namespace, for example, isolates the networking stack, which means processes within that network namespace can have their own independent routes, firewall rules, and network devices.
So without namespaces, processes in a container could, for example, unmount a file system or bring down a network interface in another…
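As an added example (not code from vessel or from the original article): on Linux, each process's namespace memberships appear as symlinks under `/proc/<pid>/ns`, and two processes are in the same namespace exactly when the link targets match. The Go program below uses that to list which namespaces a process still shares with a reference process; the function names and the sample inode values are constructed for illustration.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"sort"
)

// readNamespaces maps each entry of procRoot/<pid>/ns (e.g. "net") to its
// link target (e.g. "net:[4026531840]"); procRoot is "/proc" on Linux.
func readNamespaces(procRoot, pid string) (map[string]string, error) {
	dir := filepath.Join(procRoot, pid, "ns")
	entries, err := os.ReadDir(dir)
	if err != nil {
		return nil, err
	}
	out := map[string]string{}
	for _, e := range entries {
		if target, err := os.Readlink(filepath.Join(dir, e.Name())); err == nil {
			out[e.Name()] = target
		}
	}
	return out, nil
}

// sharedWith lists the namespaces in which proc has the same identity as
// ref, i.e. the resources that are NOT isolated between the two processes.
func sharedWith(ref, proc map[string]string) []string {
	shared := []string{}
	for name, id := range proc {
		if ref[name] == id {
			shared = append(shared, name)
		}
	}
	sort.Strings(shared)
	return shared
}

func main() {
	// Constructed sample: a container process that got its own mnt and pid
	// namespaces but was left in the host's network namespace.
	host := map[string]string{"mnt": "mnt:[4026531841]", "net": "net:[4026531840]", "pid": "pid:[4026531836]"}
	ctr := map[string]string{"mnt": "mnt:[4026532570]", "net": "net:[4026531840]", "pid": "pid:[4026532573]"}
	fmt.Println("shared with host:", sharedWith(host, ctr)) // [net]
	if self, err := readNamespaces("/proc", "self"); err == nil {
		fmt.Println("this process:", self)
	}
}
```

A namespace that shows up in the shared list is one where the container process sees and can affect the same resource as the reference process.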