How does Docker really work behind the scenes?


I’d like to learn more on how Docker really works and what it does behind the scenes to achieve isolation.
AFAIK, on Linux, it builds on cgroups and namespaces, but how exactly are those kernel features leveraged and what other OS mechanisms are utilized?
How does Docker achieve the same isolation on other platforms? Apparently, via virtualization, but how exactly?
If you’re aware of any resources that already answer these questions, pointers would be very welcome as well.



Found a resource that partly addresses some of the questions: