Oliver Seitz

Docker exec without Docker

What if you could `exec` into a container without the Docker daemon? This talk reveals the Linux kernel features that make it possible.

Docker exec without Docker
#1about 1 minute

Understanding how the docker exec command really works

The talk explores what happens under the hood when you run `docker exec` and demonstrates how to achieve the same result without using Docker.

#2about 1 minute

Deconstructing the Docker stack to its Linux primitives

Docker is built on top of lower-level components like containerD and runC, which ultimately rely on core Linux kernel features like Cgroups and namespaces.

#3about 3 minutes

Limiting container resources using Linux Cgroups

Cgroups are a Linux kernel feature used to limit and account for resource usage, such as CPU, memory, process IDs, and I/O for a collection of processes.

#4about 4 minutes

A live demo of limiting process CPU with Cgroups

A practical demonstration shows how to create a new Cgroup, define a CPU usage limit in the `cpu.max` file, and assign a running process to it.

#5about 6 minutes

Isolating processes from each other using Linux namespaces

Namespaces provide process isolation by virtualizing system resources like network interfaces, mount points, process IDs, and user IDs for each container.

#6about 9 minutes

Replicating `docker exec` with the `nsenter` command

By finding a container's process ID on the host, you can use the `nsenter` command to enter all of its namespaces and gain a shell inside the container without using Docker.

#7about 3 minutes

Key takeaways and advice for deeper technical understanding

A summary of how Cgroups and namespaces power containers is followed by advice for developers to dig deeper into technologies, focus on one topic at a time, and share their knowledge.

Related jobs
Jobs that call for the skills explored in this talk.

Matching moments

Technical challenges of shipping a cross-platform browser
09:38 MIN

Technical challenges of shipping a cross-platform browser

Developer Time Is Valuable - Use the Right Tools - Kilian Valkhof

Malware campaigns, cloud latency, and government IT theft
01:06 MIN

Malware campaigns, cloud latency, and government IT theft

Fake or News: Self-Driving Cars on Subscription, Crypto Attacks Rising and Working While You Sleep - Théodore Lefèvre

Crypto crime, EU regulation, and working while you sleep
01:15 MIN

Crypto crime, EU regulation, and working while you sleep

Fake or News: Self-Driving Cars on Subscription, Crypto Attacks Rising and Working While You Sleep - Théodore Lefèvre

Why you might not need JavaScript for everything
02:33 MIN

Why you might not need JavaScript for everything

WeAreDevelopers LIVE – You Don’t Need JavaScript, Modern CSS and More

Comparing the security models of browsers and native apps
05:01 MIN

Comparing the security models of browsers and native apps

Developer Time Is Valuable - Use the Right Tools - Kilian Valkhof

Organizing a developer conference for 15,000 attendees
01:32 MIN

Organizing a developer conference for 15,000 attendees

Cat Herding with Lions and Tigers - Christian Heilmann

Breaking down silos between HR, tech, and business
03:39 MIN

Breaking down silos between HR, tech, and business

What 2025 Taught Us: A Year-End Special with Hung Lee

The origin story of the Polypane developer browser
05:28 MIN

The origin story of the Polypane developer browser

Developer Time Is Valuable - Use the Right Tools - Kilian Valkhof

Featured Partners

Related Videos

See all videos
Docker network without Docker28:26

Docker network without Docker

Oliver Seitz

Turning Container security up to 11 with Capabilities28:47

Turning Container security up to 11 with Capabilities

Mathias Tausig

Compose the Future: Building Agentic Applications, Made Simple with Docker50:09

Compose the Future: Building Agentic Applications, Made Simple with Docker

Mark Cavage, Tushar Jain, Jim Clark & Yunong Xiao

Kubernetes Security - Challenge and Opportunity42:45

Kubernetes Security - Challenge and Opportunity

Marc Nimmerrichter

This Is Not Your Father's .NET27:55

This Is Not Your Father's .NET

Don Schenck

All things Docker Compose!28:30

All things Docker Compose!

Michael Irwin

Bootable AI Containers with Podman Desktop29:19

Bootable AI Containers with Podman Desktop

Kevin Dubois & Cedric Clyburn

Containers and Kubernetes made easy: Deep dive into Podman Desktop and new AI capabilities32:19

Containers and Kubernetes made easy: Deep dive into Podman Desktop and new AI capabilities

Stevan Le Meur

Related Articles

View all articles
DC
Daniel Cranney
Dev Digest 172: CODE100 is back, Linux Containers & PHP in Node!
Inside last week’s Dev Digest 172 . 🍎 All WDC Web Tech announcements 📦 Linux containers on MacOS 🧑‍💻 Take a CODE100 challenge to join the WeAreDevelopers World Congress 📝 Training AI without GDPR issues 📱 Mobile port tracking and restricted Android ...
Dev Digest 172: CODE100 is back, Linux Containers & PHP in Node!
CH
Chris Heilmann
All the videos of Halfstack London 2024!
Last month was Halfstack London, a conference about the web, JavaScript and half a dozen other things. We were there to deliver a talk, but also to record all the sessions and we're happy to share them with you. It took a bit as we had to wait for th...
All the videos of Halfstack London 2024!
DC
Daniel Cranney
Building AI Solutions with Rust and Docker
In recent years, artificial intelligence has surged in popularity in the world of development. While Python remains a popular choice in the realm of AI, Rust - often known as Rust Lang - is quickly emerging as a formidable alternative.Rust programmin...
Building AI Solutions with Rust and Docker

From learning to earning

Jobs that call for the skills explored in this talk.

Devops Container Engineer

Devops Container Engineer

Softwarezentrum Böblingen/Sindelfingen e.V.
Böblingen, Germany

Remote
Intermediate
GIT
Bash
Azure
Linux
+5