Oliver Seitz

Docker exec without Docker

What if you could `exec` into a container without the Docker daemon? This talk reveals the Linux kernel features that make it possible.

Docker exec without Docker
#1about 1 minute

Understanding how the docker exec command really works

The talk explores what happens under the hood when you run `docker exec` and demonstrates how to achieve the same result without using Docker.

#2about 1 minute

Deconstructing the Docker stack to its Linux primitives

Docker is built on top of lower-level components like containerD and runC, which ultimately rely on core Linux kernel features like Cgroups and namespaces.

#3about 3 minutes

Limiting container resources using Linux Cgroups

Cgroups are a Linux kernel feature used to limit and account for resource usage, such as CPU, memory, process IDs, and I/O for a collection of processes.

#4about 4 minutes

A live demo of limiting process CPU with Cgroups

A practical demonstration shows how to create a new Cgroup, define a CPU usage limit in the `cpu.max` file, and assign a running process to it.

#5about 6 minutes

Isolating processes from each other using Linux namespaces

Namespaces provide process isolation by virtualizing system resources like network interfaces, mount points, process IDs, and user IDs for each container.

#6about 9 minutes

Replicating `docker exec` with the `nsenter` command

By finding a container's process ID on the host, you can use the `nsenter` command to enter all of its namespaces and gain a shell inside the container without using Docker.

#7about 3 minutes

Key takeaways and advice for deeper technical understanding

A summary of how Cgroups and namespaces power containers is followed by advice for developers to dig deeper into technologies, focus on one topic at a time, and share their knowledge.

Related jobs
Jobs that call for the skills explored in this talk.

Matching moments

How container isolation works in the Linux kernel
11:15 MIN

How container isolation works in the Linux kernel

Kubernetes Security - Challenge and Opportunity

Why Dockerfile security is a critical foundation
06:06 MIN

Why Dockerfile security is a critical foundation

A practical guide to writing secure Dockerfiles

Using containers to improve security and deployment
13:51 MIN

Using containers to improve security and deployment

DevSecOps: Security in DevOps

Running containers with access to vehicle electronics
06:26 MIN

Running containers with access to vehicle electronics

A Hitchhikers Guide to Container Security - Automotive Edition 2024

The evolution of running databases in containers
02:30 MIN

The evolution of running databases in containers

Databases on Kubernetes: Why you should care

Executing a container breakout using the Dirty Pipe vulnerability
25:28 MIN

Executing a container breakout using the Dirty Pipe vulnerability

Hacking Kubernetes: Live Demo Marathon

Understanding Docker fundamentals for application deployment
08:25 MIN

Understanding Docker fundamentals for application deployment

Rust and Docker: Let's build an AI-powered app!

Understanding container isolation with namespaces and cgroups
00:57 MIN

Understanding container isolation with namespaces and cgroups

Docker network without Docker

Featured Partners

Related Videos

See all videos
Docker network without Docker28:26

Docker network without Docker

Oliver Seitz

Turning Container security up to 11 with Capabilities28:47

Turning Container security up to 11 with Capabilities

Mathias Tausig

Compose the Future: Building Agentic Applications, Made Simple with Docker50:09

Compose the Future: Building Agentic Applications, Made Simple with Docker

Mark Cavage, Tushar Jain, Jim Clark & Yunong Xiao

Kubernetes Security - Challenge and Opportunity42:45

Kubernetes Security - Challenge and Opportunity

Marc Nimmerrichter

This Is Not Your Father's .NET27:55

This Is Not Your Father's .NET

Don Schenck

All things Docker Compose!28:30

All things Docker Compose!

Michael Irwin

Bootable AI Containers with Podman Desktop29:19

Bootable AI Containers with Podman Desktop

Kevin Dubois & Cedric Clyburn

Containers and Kubernetes made easy: Deep dive into Podman Desktop and new AI capabilities32:19

Containers and Kubernetes made easy: Deep dive into Podman Desktop and new AI capabilities

Stevan Le Meur

Related Articles

View all articles
DC
Daniel Cranney
Dev Digest 172: CODE100 is back, Linux Containers & PHP in Node!
Inside last week’s Dev Digest 172 . 🍎 All WDC Web Tech announcements 📦 Linux containers on MacOS 🧑‍💻 Take a CODE100 challenge to join the WeAreDevelopers World Congress 📝 Training AI without GDPR issues 📱 Mobile port tracking and restricted Android ...
Dev Digest 172: CODE100 is back, Linux Containers & PHP in Node!
CH
Chris Heilmann
All the videos of Halfstack London 2024!
Last month was Halfstack London, a conference about the web, JavaScript and half a dozen other things. We were there to deliver a talk, but also to record all the sessions and we're happy to share them with you. It took a bit as we had to wait for th...
All the videos of Halfstack London 2024!
DC
Daniel Cranney
Building AI Solutions with Rust and Docker
In recent years, artificial intelligence has surged in popularity in the world of development. While Python remains a popular choice in the realm of AI, Rust - often known as Rust Lang - is quickly emerging as a formidable alternative.Rust programmin...
Building AI Solutions with Rust and Docker

From learning to earning

Jobs that call for the skills explored in this talk.

Rust and GoLang

Rust and GoLang

NHe4a GmbH
Karlsruhe, Germany

Remote
55-65K
Intermediate
Senior
Go
Rust
Expert Docker (H/F)

Expert Docker (H/F)

Exiptel
Canton de Lille-5, France

Remote
Senior
Linux
DevOps
Docker
Continuous Integration