Back
Interactive Explainer

Linux Containers: namespaces & cgroups

The Linux kernel primitives behind containers: namespaces (isolation) and cgroups (resource limits).

🎯Key Takeaways
namespaces = isolation (what a container can see)
cgroups = resource limits (what a container can use)
No hypervisor: containers share the host kernel

Linux Containers: namespaces & cgroups

The Linux kernel primitives behind containers: namespaces (isolation) and cgroups (resource limits).

~1 min read
Be the first to complete!
What you'll learn
  • namespaces = isolation (what a container can see)
  • cgroups = resource limits (what a container can use)
  • No hypervisor: containers share the host kernel

Linux Primitives

Containers are not a kernel feature — they are a combination of Linux primitives: namespaces (isolate PID, network, mount, UTS, IPC, user), cgroups (limit CPU, memory, I/O), and union filesystems (overlayfs layers). Docker and containerd combine these into a usable API. No hypervisor needed: containers share the host kernel.

Key takeaways

  • namespaces = isolation (what a container can see)
  • cgroups = resource limits (what a container can use)
  • No hypervisor: containers share the host kernel

Ready to see how this works in the cloud?

Switch to Career Paths for structured paths (e.g. Developer, DevOps) and provider-specific lessons.

View role-based paths

Sign in to track your progress and mark lessons complete.

Discussion

Questions? Discuss in the community or start a thread below.

Join Discord

In-app Q&A

Sign in to start or join a thread.