A good follow-on after this would be looking at the source code for bocker. It's a clone of large parts of docker, but in about 100 lines of bash.
You'll see references to nsenter, cgcreate, cgdelete, cgexec, and so on. It's helpful to see how docker is mostly a veneer over things that are already in Linux. Not discounting docker, but a lot of the actual value is in things like Docker Hub and Docker Desktop versus the runtime itself.
Absolutely, the "secret sauce" is in the tooling and workflows. Other OSs have great container tech underneath - illumos zones and FreeBSD jails - but without the ease of use and ease of moving around images, they're a lot less useful.
Nicely demonstrated, but I actually had to type in (cut-n-paste) these commands to understand.
Probably could IMHO benefit from some simpler sentences to help most like-minded engineers to bridge the Linux namespace knowledge gap and get there quicker.
THEN again, I am not most like-minded engineers, just a lowly zero-buf network software architect for a layer-5 IPS/IDS system.
At any rate, it’s a great article of HOWTO “get there” due to its actual inner-working and interactivity between network realms being exposed.
I mostly deal with the NET namespace (e.g. 100+ VPN WAN source-base router + IDS lol) but I've never read an article that explores other namespaces in detail.
https://github.com/p8952/bocker/blob/master/bocker