Docker design question

If docker exposes a single kernel on a machine to all containers on that machine then doesn’t that mean that things running in the kernel layer need to be written (or re-written) to be container aware? If a file system is implemented in the kernel and all containers share the kernel then it would seem all containers would share that kernel’s file system, unless the file system is aware of containers and prevents that scenario.

You might look at what was happening in Docker land 2-3 years ago, and why you can’t really run Docker on a CentOS 6 host. There is in fact a lot of interface between Docker and the Linux kernel.

(My impression is that a lot of the parts like user and network namespaces already existed before Docker came along, but the filesystem layer in particular was, historically, a source of trouble. I definitely remember problems – again on CentOS 6 – where the most current Red Hat patched kernel would consistently crash in Docker so our product shipped a slightly older kernel that worked. Fun times! Not so much an issue now that the Docker ecosystem has matured quite a bit.)