What if you could `exec` into a container without the Docker daemon? This talk reveals the Linux kernel features that make it possible.
#1 about 1 minute
Understanding how the docker exec command really works
The talk explores what happens under the hood when you run `docker exec` and demonstrates how to achieve the same result without using Docker.
#2 about 1 minute
Deconstructing the Docker stack to its Linux primitives
Docker is built on top of lower-level components like containerd and runc, which ultimately rely on core Linux kernel features like Cgroups and namespaces.
#3 about 3 minutes
Limiting container resources using Linux Cgroups
Cgroups are a Linux kernel feature used to limit and account for resource usage, such as CPU, memory, process IDs, and I/O for a collection of processes.
#4 about 4 minutes
A live demo of limiting process CPU with Cgroups
A practical demonstration shows how to create a new Cgroup, define a CPU usage limit in the `cpu.max` file, and assign a running process to it.
#5 about 6 minutes
Isolating processes from each other using Linux namespaces
Namespaces provide process isolation by virtualizing system resources like network interfaces, mount points, process IDs, and user IDs for each container.
#6 about 9 minutes
Replicating `docker exec` with the `nsenter` command
By finding a container's process ID on the host, you can use the `nsenter` command to enter all of its namespaces and gain a shell inside the container without using Docker.
#7 about 3 minutes
Key takeaways and advice for deeper technical understanding
A summary of how Cgroups and namespaces power containers is followed by advice for developers to dig deeper into technologies, focus on one topic at a time, and share their knowledge.
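The `nsenter` chapter above, as an added example that is not code from the talk: a script that compares a process's namespace IDs under `/proc/<pid>/ns` with those of PID 1 and prints the `nsenter` invocation that would join only the namespaces that differ, which also shows where a container is not isolated from the host. The `PROC_ROOT` variable and all function names are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not from the talk). PROC_ROOT is an assumption of this
# sketch: it lets the functions run against a constructed fixture tree.
PROC_ROOT="${PROC_ROOT:-/proc}"

# ns_id PID TYPE -> link target such as "net:[4026532008]"; empty if absent.
ns_id() {
    readlink "$PROC_ROOT/$1/ns/$2" 2>/dev/null || true
}

# ns_flag TYPE -> the util-linux nsenter short option for that namespace.
ns_flag() {
    case "$1" in
        mnt) f=-m ;; uts) f=-u ;; ipc) f=-i ;; net) f=-n ;;
        pid) f=-p ;; user) f=-U ;; cgroup) f=-C ;; time) f=-T ;;
        *) return 1 ;;
    esac
    printf '%s\n' "$f"
}

# isolated_namespaces PID -> namespace types whose ID differs from PID 1's.
# A type missing from this list is shared with the host (e.g. host networking).
isolated_namespaces() {
    out=""
    for t in mnt uts ipc net pid user cgroup time; do
        host=$(ns_id 1 "$t")
        target=$(ns_id "$1" "$t")
        if [ -n "$target" ] && [ "$host" != "$target" ]; then
            out="$out $t"
        fi
    done
    printf '%s\n' "${out# }"
}

# nsenter_cmd PID -> command line that joins exactly those namespaces.
# Running it typically needs root: setns(2) requires CAP_SYS_ADMIN.
nsenter_cmd() {
    flags=""
    for t in $(isolated_namespaces "$1"); do
        flags="$flags $(ns_flag "$t")"
    done
    printf 'nsenter -t %s%s -- /bin/sh\n' "$1" "$flags"
}

# Usage: sh ns_audit.sh PID  (as root, to read /proc/1/ns; executes nothing)
if [ "$#" -ge 1 ]; then
    echo "isolated from host: $(isolated_namespaces "$1")"
    echo "equivalent exec:    $(nsenter_cmd "$1")"
fi
```

A namespace type that does not appear in the output is one the process shares with the host, which is worth checking for `net`, `pid` and `user` in particular.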