Implementing a Minimal Docker with Shell: Namespaces, Cgroups, and OverlayFS

This article explains how to build a simplified Docker‑like container runtime using Bash, focusing on Linux kernel features such as namespaces, cgroups, and overlayfs.

1. Purpose – To deepen understanding of Docker’s core mechanisms by interactively experimenting with them.

2. Technical breakdown

Namespace: description, related system calls (clone, setns, unshare) and how to view namespaces via # ls -l /proc/$$/ns. Example commands demonstrate creating and entering IPC, UTS, and network namespaces using nsenter and unshare.

Cgroup: overview of resource limiting, prioritization, accounting and control, with commands to list supported subsystems ( # cat /proc/cgroups) and view process cgroup membership ( # cat /proc/$$/cgroup).

Rootfs and overlayfs: explanation of Docker’s root filesystem, union‑mount layers (lower, upper, work, merged) and how overlayfs resolves reads and writes. Sample commands create overlay directories and mount them with

mount -t overlay overlay -o lowerdir=...,upperdir=...,workdir=... merged

.

3. Full script – A 130‑line Bash script (named bocker) implements image creation, pulling from Docker Hub, container start, exec, logs, commit, and removal, leveraging the previously described namespace, cgroup and overlayfs operations.

4. Prerequisites – overlayfs, iproute2, iptables, libcgroup‑tools, util‑linux, coreutils, and appropriate network bridge configuration.

5. Summary – By following the tutorial, readers gain practical insight into Docker’s underlying technologies, which helps in troubleshooting and extending container solutions.