There are images on docker registry which have names like ubuntu or redhat. Do these images run the complete operating system or do they only contain the utilities that come with the operating system? I thought the operating system is always of the host and the docker image should not be running the operating system. Kindly clarify.
Usually, the operating system images in the registry are a âslimmed downâ version of a full blown OS. If you look at the size of the Ubuntu image for example, youâll see it is only a couple of hundred meg in size.
So is it an OS at all? Does it have a kernel that interfaces with the
hardware?
The Dockerfile for each will provide what is in it and what is not.
For example, the Ubuntu âtrustyâ image manifest is located here
This appears to be a bunch of utilities that typically come with a Ubuntu
distribution, and not really the OS. Am I right in understanding that such
images are just a collection of utilities but not the OS itself?
1 Like
I guess it depends on what you define as the âOSâ. It is a lighter-weight OS. The Ubuntu image is running a kernel, but doesnât have the kernel .deb files. It can interact with devices that are included - but it is a whole lot less than a full blown Ubuntu.
Docker images (including the ubiquitous ubuntu and debian images) donât contain kernels, and containers based on them donât run kernels; they always share the host kernel. You need to go through special setup to be able to use host devices, regardless of what /dev special files exist in a container.
You can make an argument that the ubuntu image has unnecessary components that arenât used in typical Docker setups (an init system, a DHCP client) that make it closer to a âfull OS imageâ; or you can make an argument that, since ubuntu doesnât have its own kernel, itâs ânot an OSâ. Iâm not really sure how âoperating systemâ is defined these days.
2 Likes
The operating system of the host is not the operating system running in the container. That is the beauty of using containers. For example: the OS of the host could be RedHat and the OS of the container could be Ubuntu. The only thing that the host and container share is the kernel of the host. The filesystems and everything else are of their respective operating systems. Applications running in an Ubuntu container are running on Ubuntu. Applications running in an Alpine container are running on Alpine. It doesnât matter that the host might be CentOS or any other Linux distro. Every container is running some linux distro that does not have to be the host distro. Hopefully that helps to clarifiy things for you. If not, ask more questions. 
~jr
1 Like
The only thing that the host and container share is the kernel of the hostâŠ
rightâŠ
if host operating system kernel has corrupt than what about dockerâŠ
Then the Docker containers will be affected too because they share the same kernel.
There is no magic. A âcontainerâ really isnât a âthingâ. Itâs a concept. The process that is supposedly âinsideâ the container is actually running on the host in itâs own namespace, control group (cgroup), and union filesystem overlay. A cgroup limits a process to a specific set of resources.
Here is an example of running ps and grepping for redis and then running Redis in a container and running ps again:
root@test:~$ ps -aef | grep redis
root 9652 8764 0 17:58 pts/0 00:00:00 grep --color=auto redis
root@test:~$ docker run -d redis:alpine
10e3b5825260dacb6821157c3b20d0480f1558cd7c545d767cb469a62bb6b64a
root@test:~$ ps -aef | grep redis
systemd+ 9771 9734 1 17:59 ? 00:00:00 redis-server
root 9837 8764 0 17:59 pts/0 00:00:00 grep --color=auto redis
This first time we run ps and grep for redis we just see our grep command running. Then we start a Redis docker container and look at ps again and see that redis-server is actually running on our host with pid 9771.
Processes running in a container are sharing the same kernel as the host so if the kernel becomes corrupt, it is corrupt for every process running on the host including those running in Docker containers.
~jr
I have a few questions, hoping someone can answer them.
- Are there Docker images that do not come with an operating system? busybox is one of them, right?
- The Ruby image comes with the operating system, right?
Usually Docker Images come without operating system. Thatâs their purpose - opposed to VMs.
A Docker Image normally includes the application and dependencies.
Busybox is rather a shell that includes many common Unix tools.