Docker is just Linux processes running directly on the host as all other processes do. There is no virtualization at all. The major difference is that a typical process running under Docker or Podman:

- Is unshared from the mount, net, PID, etc. namespaces, so they have their own mount points, network interfaces, and PID numbers (i.e. they have their own PID 1.)
- Has a different root mount point.
- May have resource limits set with cgroups.

(And of course, those are all things you can also just do manually, like with `bwrap`.)

There is a bit more, but well, not much. A Docker process is just a Linux process.

So how does accessing the GPU work? Well, sometimes there are some more advanced abstractions for the benefit of, I presume, stronger isolation, but generally you can just mount in the necessary device nodes and use the GPU directly, because it's a normal Linux process. This is generally what I do.
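
An added example, not part of the original comment: a small host-side check that compares a process's namespace links under `/proc/<pid>/ns` with those of PID 1 and lists its cgroup paths, which shows how much of the isolation described above a given container process actually has. The function names and the `proc` parameter are assumptions of this example; reading another user's namespace links usually requires root.

```python
import os

NS_TYPES = ("mnt", "net", "pid", "uts", "ipc", "user", "cgroup")

def read_namespaces(pid, proc="/proc"):
    """Return {type: 'type:[inode]'}; None where the link is unreadable."""
    result = {}
    for ns in NS_TYPES:
        try:
            result[ns] = os.readlink(os.path.join(proc, str(pid), "ns", ns))
        except OSError:  # no permission, or the process has exited
            result[ns] = None
    return result

def read_cgroups(pid, proc="/proc"):
    """Return cgroup paths from /proc/<pid>/cgroup (lines are 'id:controllers:path')."""
    try:
        with open(os.path.join(proc, str(pid), "cgroup")) as fh:
            return [line.rstrip("\n").split(":", 2)[2]
                    for line in fh if line.count(":") >= 2]
    except OSError:
        return []

def isolation_report(pid, ref_pid=1, proc="/proc"):
    """Compare pid's namespaces with ref_pid's (PID 1, the host init, by default)."""
    target = read_namespaces(pid, proc)
    ref = read_namespaces(ref_pid, proc)
    report = {"unshared": [], "shared": [], "unknown": [],
              "cgroups": read_cgroups(pid, proc)}
    for ns in NS_TYPES:
        if target[ns] is None or ref[ns] is None:
            report["unknown"].append(ns)   # cannot tell without both links
        elif target[ns] == ref[ns]:
            report["shared"].append(ns)    # same namespace as the host
        else:
            report["unshared"].append(ns)  # process has its own namespace
    return report

if __name__ == "__main__":
    import sys
    pid = sys.argv[1] if len(sys.argv) > 1 else os.getpid()
    for key, value in isolation_report(pid).items():
        print(f"{key:9} {value}")
```

A namespace that shows up under `shared` for a container process (for example `net` with host networking, or `user` when no user namespace is in use) is one where the process sees exactly what any other host process sees.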