by Zambyte 809 days ago
The point of containers is to run a process in an isolated environment. Microkernels by design allow isolating any process with very fine-grained control, by allowing or disallowing certain IPC connections for a given process. Those connections can be enabled or disabled for a running process as well, which would essentially be like moving a process in and out of a container while it is running. Individual processes can also run entirely isolated stacks for things like networking, storage, etc. in an unprivileged way. The former can be particularly painful to deal with in Linux containers.

Containers are basically monolithic kernels playing catch-up to the features designed into microkernel-based operating systems.
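The IPC-mediation model the comment describes, as an added toy example that is not part of the comment or of any real microkernel: a deny-by-default reference monitor keeps a per-process grant table, grants and revocations take effect on a running process, and a connection handle obtained under a grant stops working once that grant is revoked (re-granting later issues a new generation, so the stale handle stays dead). The class and method names (`Monitor`, `Handle`, `grant`, `revoke`, `apply_profile`) and the sample processes and endpoints are invented for illustration.

```python
"""Toy reference monitor for per-process IPC policy (constructed example)."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Handle:
    """A connection to an endpoint, tagged with the grant generation it was issued under."""
    pid: int
    endpoint: str
    generation: int


@dataclass
class Monitor:
    # pid -> {endpoint: generation of the grant}; absence means deny (default-deny policy)
    grants: dict = field(default_factory=dict)
    generation: int = 0
    audit: list = field(default_factory=list)

    def grant(self, pid: int, endpoint: str) -> None:
        """Allow pid to talk to endpoint. Each grant gets a fresh generation number."""
        self.generation += 1
        self.grants.setdefault(pid, {})[endpoint] = self.generation
        self.audit.append(("grant", pid, endpoint))

    def revoke(self, pid: int, endpoint: str) -> None:
        """Withdraw a grant from a running process; outstanding handles become invalid."""
        self.grants.get(pid, {}).pop(endpoint, None)
        self.audit.append(("revoke", pid, endpoint))

    def connect(self, pid: int, endpoint: str) -> Handle:
        """Mediated connect: succeeds only if a grant exists right now."""
        gen = self.grants.get(pid, {}).get(endpoint)
        if gen is None:
            self.audit.append(("deny-connect", pid, endpoint))
            raise PermissionError(f"pid {pid} may not connect to {endpoint}")
        return Handle(pid, endpoint, gen)

    def send(self, handle: Handle, msg: str) -> str:
        """Mediated send: the handle is valid only while the grant that produced it stands."""
        current = self.grants.get(handle.pid, {}).get(handle.endpoint)
        if current != handle.generation:
            self.audit.append(("deny-send", handle.pid, handle.endpoint))
            raise PermissionError(f"stale or missing grant for {handle.endpoint}")
        return f"{handle.endpoint} <- pid {handle.pid}: {msg}"  # stand-in for delivery

    def apply_profile(self, pid: int, endpoints: set) -> None:
        """Replace a running process's whole grant set in one step.

        This is the "move a process in or out of a container while it runs" operation:
        endpoints not in the profile are revoked, missing ones are granted.
        """
        for ep in list(self.grants.get(pid, {})):
            if ep not in endpoints:
                self.revoke(pid, ep)
        for ep in endpoints:
            if ep not in self.grants.get(pid, {}):
                self.grant(pid, ep)


def demo() -> dict:
    """Walk one process through grant, deny, revoke-while-running, and re-profile."""
    m = Monitor()
    out = {}
    m.grant(1, "net")                      # pid 1 may use the network stack
    h = m.connect(1, "net")
    out["first_send"] = m.send(h, "GET /")
    try:                                   # no grant for storage: connect is refused
        m.connect(1, "storage")
        out["storage_denied"] = False
    except PermissionError:
        out["storage_denied"] = True
    m.revoke(1, "net")                     # policy change on the live process
    try:
        m.send(h, "again")
        out["stale_after_revoke"] = False
    except PermissionError:
        out["stale_after_revoke"] = True
    m.apply_profile(1, {"net", "storage"}) # "move" pid 1 into a wider sandbox
    try:                                   # old handle still dead: grant has a new generation
        m.send(h, "again")
        out["old_handle_dead"] = False
    except PermissionError:
        out["old_handle_dead"] = True
    out["second_send"] = m.send(m.connect(1, "net"), "GET /")
    out["denials"] = sum(1 for e in m.audit if e[0].startswith("deny"))
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The design point worth noticing is that the check happens on every `send`, not only on `connect`, so revocation reaches connections that already exist. That is the property the comment is pointing at: in Linux a process's network namespace is fixed at `clone`/`setns` time and sockets it already holds stay bound to the namespace they were created in, so "moving" a running process is not a single policy edit the way it is in this model.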