What docker cannot isolate
Docker cannot isolate "hard disk I/O reading and writing", but it can isolate the file system, network (Network), inter-process communication, users and user groups for permissions, PID and host within the process. The PID, host name and domain name of the host are isolated.
The operating environment of this tutorial: linux5.9.8 system, docker-1.13.1 version, Dell G3 computer.
Docker can control many resources, but currently it cannot isolate "hard disk I/O read and write" resources.
Hard disk I/O refers to the input and output of the hard disk (abbreviation of Input and Output). It is to issue instructions to read the contents of a certain sector from the disk. The command generally informs the disk of the starting sector position, then gives the number of consecutive sectors that need to be read from this initial sector, and also gives whether the action is reading or writing.
For disk I/O resources, the parameters to consider are capacity and read and write speed, so the disk restrictions on containers should also be based on these two dimensions. Currently, Docker supports limiting the read and write speed of the disk, but there is no way to limit the disk capacity that the container can use (once the disk is mounted into the container, the container can use all the capacity of the disk).
So what resources can docker isolate?
Docker implements resource isolation through namespace, resource limitation through cgroups, and efficient file operations through *copy-on-write mechanism*.
What namespace can isolate
If a container wants to not interfere with other containers, it needs to be able to do the following:
Files The system needs to be isolated
The network also needs to be isolated
The communication between processes must also be isolated
For permissions, users and user groups also need to be isolated
The PID in the process also needs to be isolated from the PID in the host
Containers must also have their own host names
With the above isolation, we believe that a container can be isolated from the host and other containers.
Recommended learning: "docker video tutorial"
The above is the detailed content of What docker cannot isolate. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1359
52
How to package project with pycharm
Apr 25, 2024 am 03:54 AM
There are four ways to package a project in PyCharm: Package as a separate executable file: Export to EXE single file format. Packaged as an installer: Generate Setuptools Makefile and build. Package as a Docker image: specify an image name, adjust build options, and build. Package as a container: Specify the image to build, adjust runtime options, and start the container.
Docker completes local deployment of LLama3 open source large model in three minutes
Apr 26, 2024 am 10:19 AM
Overview LLaMA-3 (LargeLanguageModelMetaAI3) is a large-scale open source generative artificial intelligence model developed by Meta Company. It has no major changes in model structure compared with the previous generation LLaMA-2. The LLaMA-3 model is divided into different scale versions, including small, medium and large, to suit different application needs and computing resources. The parameter size of small models is 8B, the parameter size of medium models is 70B, and the parameter size of large models reaches 400B. However, during training, the goal is to achieve multi-modal and multi-language functionality, and the results are expected to be comparable to GPT4/GPT4V. Install OllamaOllama is an open source large language model (LL
PHP distributed system architecture and practice
May 04, 2024 am 10:33 AM
PHP distributed system architecture achieves scalability, performance, and fault tolerance by distributing different components across network-connected machines. The architecture includes application servers, message queues, databases, caches, and load balancers. The steps for migrating PHP applications to a distributed architecture include: Identifying service boundaries Selecting a message queue system Adopting a microservices framework Deployment to container management Service discovery
Pi Node Teaching: What is a Pi Node? How to install and set up Pi Node?
Mar 05, 2025 pm 05:57 PM
Detailed explanation and installation guide for PiNetwork nodes This article will introduce the PiNetwork ecosystem in detail - Pi nodes, a key role in the PiNetwork ecosystem, and provide complete steps for installation and configuration. After the launch of the PiNetwork blockchain test network, Pi nodes have become an important part of many pioneers actively participating in the testing, preparing for the upcoming main network release. If you don’t know PiNetwork yet, please refer to what is Picoin? What is the price for listing? Pi usage, mining and security analysis. What is PiNetwork? The PiNetwork project started in 2019 and owns its exclusive cryptocurrency Pi Coin. The project aims to create a one that everyone can participate
Agile development and operation of PHP microservice containerization
May 08, 2024 pm 02:21 PM
Answer: PHP microservices are deployed with HelmCharts for agile development and containerized with DockerContainer for isolation and scalability. Detailed description: Use HelmCharts to automatically deploy PHP microservices to achieve agile development. Docker images allow for rapid iteration and version control of microservices. The DockerContainer standard isolates microservices, and Kubernetes manages the availability and scalability of the containers. Use Prometheus and Grafana to monitor microservice performance and health, and create alarms and automatic repair mechanisms.
How to install deepseek
Feb 19, 2025 pm 05:48 PM
There are many ways to install DeepSeek, including: compile from source (for experienced developers) using precompiled packages (for Windows users) using Docker containers (for most convenient, no need to worry about compatibility) No matter which method you choose, Please read the official documents carefully and prepare them fully to avoid unnecessary trouble.
How to optimize the performance of Java functions through containerization?
Apr 29, 2024 pm 03:09 PM
Containerization improves Java function performance in the following ways: Resource isolation - ensuring an isolated computing environment and avoiding resource contention. Lightweight - takes up less system resources and improves runtime performance. Fast startup - reduces function execution delays. Consistency - Decouple applications and infrastructure to ensure consistent behavior across environments.
Deploy JavaEE applications using Docker Containers
Jun 05, 2024 pm 08:29 PM
Deploy Java EE applications using Docker containers: Create a Dockerfile to define the image, build the image, run the container and map the port, and then access the application in the browser. Sample JavaEE application: REST API interacts with database, accessible on localhost after deployment via Docker.
