Docker containers have their own kernel or not?

71

28

I see that a lot of docker images in the docker repository are made with an Ubuntu base.

What does that mean? Does each container bundle a stripped down version of the Linux kernel?

Do containers sit on top of their own kernels? But I thought containers share the kernel of the host (which in some cases is boot2docker, a custom Tiny Core Linux build, and in others something like CoreOS).

EDIT: Clarifying the question a bit. Yes I know docker is a process container, not a full VM. But since there are "Ubuntu" containers in the official docker hub registry and other OSes like CentOS, what does it mean to run Ubuntu in a container?

Answer: Ahh it just dawned on me. It is the Ubuntu user land processes, containing apt-get and other configuration processes for a particular Ubuntu build. Similarly for CentOS. Docker is not single process, just single entry. So for these distributions the entry point is some sort of init process that spawns other processes.

stewart99

Posted 2015-03-14T06:17:36.357

Reputation: 821

2 "It is the Ubuntu user land processes," - not only processes, but also libraries. – osgx – 2015-03-14T19:08:05.147

Answers

40

Docker uses the host OS kernel; there is no custom or additional kernel inside the container. All containers which run on a machine share this "host" kernel.

Wikipedia says http://en.wikipedia.org/wiki/Docker_(software) that

Docker uses resource isolation features of the Linux kernel such as cgroups and kernel namespaces to allow independent "containers" to run within a single Linux instance, avoiding the overhead of starting virtual machines.

cgroups, namespaces and LXC are features of the Linux kernel to isolate groups of processes; there is still a single kernel, a single scheduler, and one instance of the kernel memory manager.

Boot2docker and CoreOS are just lightweight Linux distributions with some host kernel; they can be used to load Docker containers.

http://boot2docker.io/

boot2docker is a lightweight Linux distribution based on Tiny Core Linux made specifically to run Docker containers. It runs completely from RAM, weighs ~27MB and boots in ~5s (YMMV).

http://en.wikipedia.org/wiki/CoreOS

A single control host (CoreOS instance) runs multiple isolated Linux systems (containers), using Docker as an additional layer of abstraction and interface[14] to the underlying operating-system-level virtualization features of the Linux kernel. ... This approach relies on the Linux kernel's cgroups functionality, which provides namespace isolation and abilities to limit, account and isolate resource usage (CPU, memory, disk I/O, etc.) for the collections of processes.

osgx

Posted 2015-03-14T06:17:36.357

Reputation: 5 419

1 This doesn't answer the question. – EML – 2017-03-26T10:10:25.260

2 EML, which question? By default, Docker containers have no kernels of their own. There is only one host kernel for all Docker containers. – osgx – 2017-03-26T14:00:34.067

Sure, your answer is fine as far as it goes, but the OP wanted to know why he must FROM an Ubuntu base image when the host is already running Ubuntu. To answer the question you have to explain what a base image is. – EML – 2017-03-26T14:50:10.503

2 EML, the question was edited with "Clarifying" (https://superuser.com/posts/889472/revisions) after my answer had been posted, so it is an answer to the original question without the clarification. If you have some information to share about base images and kernels in Docker, add another answer. – osgx – 2017-03-26T15:05:39.933

17

In almost all cases, the host OS kernel is shared. To run a different kernel you need to use virtualization. This is rare and only used when necessary due to performance degradation.

"The Docker Engine container comprises just the application and its dependencies. It runs as an isolated process in userspace on the host operating system, sharing the kernel with other containers. Thus, it enjoys the resource isolation and allocation benefits of VMs but is much more portable and efficient."

This might help explain how it works: [image]

Source: https://www.docker.com/whatisdocker/

JeremiahBarrar

Posted 2015-03-14T06:17:36.357

Reputation: 825

4 Any source for "Packages may use different kernels"? Docker itself can't use several kernels; there is always only a single host kernel. Only when combined with a hypervisor (virtualization) can we start several hosts, each with its own kernel version, and run one Docker per virtual host; but for any host there will be only one kernel for the host and for its Docker containers. – osgx – 2015-03-14T06:46:54.813

I clarified my answer. – JeremiahBarrar – 2015-03-14T06:52:57.120

2 What is a package? A Docker container has no kernel inside it; it is just installed and started on the kernel which is used on the host. So: one Docker = one server = one kernel, just as shown in the picture. There is no way to use two kernels with a single Docker engine; all containers inside this engine will use the same kernel. I think the correct answer is "No, Docker containers can't use different kernels within a single instance of Docker Engine". – osgx – 2015-03-14T06:58:54.113

1 Each Docker container can run whatever code it wants, including virtualization software that is able to load any kernel your software may require. You can run Windows in a container if you want to. – JeremiahBarrar – 2015-03-14T07:40:45.200

1 JeremiahBarrar, got it, thank you for the explanation. Is running virtualization software from inside a Docker container documented, and is it supported by Docker? What kind of virtualization will work from Docker (software qemu, qemu+kvm, xen,...)? – osgx – 2015-03-14T08:10:42.090

Most virtualization software that runs on Linux will work when properly configured. Here is an example: https://github.com/Ulexus/docker-qemu – JeremiahBarrar – 2015-03-14T10:48:57.667

3 The first sentence is misleading. Using a VM inside a container kind of defeats the point of using Docker. – user2707671 – 2018-04-13T13:36:26.103

2 This is a misleading answer. – Chris Beach – 2018-09-28T08:35:09.740

0

All Docker containers use the host kernel.

It would also mean that some incompatibility between the host kernel and the container distro could cause problems. In theory. For example, if containerized software wanted to use some kernel feature that was not compiled into the host kernel, then it would not work.

In practice, this does not happen. The main source of trouble with Docker containers is the (often unexplainable) limitations of Docker itself, and not some host-guest kernel incompatibility.

(P.S. It is because practically all Linux distros work with any Linux kernel.)

peterh - Reinstate Monica

Posted 2015-03-14T06:17:36.357

Reputation: 2 043
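
The two points made in the answers above (every container reports the host's kernel while its userland comes from the image, and a container can only use kernel features the host kernel was built with) can be checked with a short script. This is an added example, not code from any of the posts. The function names are hypothetical, the sample data is constructed, and `probe_image` assumes a local Docker engine with the image available.

```python
import subprocess

# Run inside a container: kernel release first, then the image's distro name.
PROBE = 'uname -r; . /etc/os-release; echo "$PRETTY_NAME"'

def probe_image(image):
    """Live probe (assumption: a local Docker engine and a pullable image)."""
    result = subprocess.run(["docker", "run", "--rm", image, "sh", "-c", PROBE],
                            check=True, capture_output=True, text=True)
    return result.stdout

def parse_probe(output):
    """Split probe output into the kernel release and the distro name."""
    lines = [ln.strip() for ln in output.splitlines() if ln.strip()]
    if len(lines) != 2:
        raise ValueError("expected a kernel line and a distro line")
    return {"kernel": lines[0], "distro": lines[1]}

def shared_kernel_report(host_kernel, probes):
    """Map image -> (distro, True if the container reported the host's kernel)."""
    report = {}
    for image, output in probes.items():
        info = parse_probe(output)
        report[image] = (info["distro"], info["kernel"] == host_kernel)
    return report

def missing_kernel_features(config_text, required):
    """Return required CONFIG_ options the host kernel lacks (not =y or =m)."""
    enabled = set()
    for line in config_text.splitlines():
        name, sep, value = line.strip().partition("=")
        if sep and name.startswith("CONFIG_") and value in ("y", "m"):
            enabled.add(name)
    return [opt for opt in required if opt not in enabled]

# Constructed sample data (not captured from a real host).
SAMPLE_HOST_KERNEL = "3.16.0-30-generic"
SAMPLE_PROBES = {
    "ubuntu:14.04": "3.16.0-30-generic\nUbuntu 14.04.2 LTS\n",
    "centos:7": "3.16.0-30-generic\nCentOS Linux 7 (Core)\n",
}
SAMPLE_CONFIG = ("CONFIG_NAMESPACES=y\nCONFIG_CGROUPS=y\n"
                 "CONFIG_OVERLAY_FS=m\n# CONFIG_USER_NS is not set\n")

if __name__ == "__main__":
    report = shared_kernel_report(SAMPLE_HOST_KERNEL, SAMPLE_PROBES)
    for image, (distro, shared) in report.items():
        print(f"{image}: userland={distro!r} shares_host_kernel={shared}")
    print("missing:", missing_kernel_features(
        SAMPLE_CONFIG, ["CONFIG_OVERLAY_FS", "CONFIG_USER_NS"]))
```

On a real host, pass `uname -r` output as `host_kernel`, `probe_image(...)` output as the probe values, and the contents of the kernel config file (commonly `/boot/config-<release>`) as `config_text`.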