Understanding Docker: From LXC Roots to Modern Container Architecture

1. Linux Containers (LXC)

LXC (Linux Container) provides lightweight OS‑level virtualization by isolating processes, network, mount points and other resources using kernel namespaces. Containers share the host kernel, incur minimal performance overhead, and avoid full hardware emulation.

2. Relationship between LXC and Docker

Docker is built on top of LXC’s isolation mechanisms. It uses LXC (or its own libcontainer implementation) to sandbox processes, then adds higher‑level features such as image management, networking, and resource control.

3. Docker overview

Docker is an open‑source application container engine written in Go and released under the Apache 2.0 license. It packages an application together with its runtime, libraries, environment variables and configuration into a portable, read‑only image that can be instantiated as a container on any Linux host.

Official documentation: https://docs.docker.com/

4. Kernel mechanisms used by Docker

Namespaces – isolate PID, network, mount, IPC, UTS and user namespaces.

cgroups – limit CPU, memory, I/O and other resources per container.

5. Core Docker concepts

Image – a read‑only template that contains the filesystem layers, runtime and metadata required to run an application.

Container – a running instance created from an image; it has its own isolated process space, network stack and filesystem view.

Repository / Registry – a storage service for images. Docker Hub is the public registry; private registries can be hosted internally.

6. Docker architecture

The main components are:

Docker client – the docker CLI that sends HTTP requests to the daemon.

Docker daemon – a background service that receives client requests, manages containers, images, networks and storage.

Docker server (API layer) – handles the REST API exposed by the daemon.

Engine – core execution engine that runs jobs such as create, pull, run, etc.

Job – the smallest unit of work inside the engine (e.g., start a container, download an image).

Registry – stores and distributes images.

Graph – manages local image storage and the relationships between image layers.

Driver – includes graphdriver (image storage), networkdriver (network setup) and execdriver (process execution).

libcontainer – a Go library that directly interacts with kernel namespaces and cgroups, allowing Docker to operate without LXC.

7. Common Docker commands

Installation (CentOS/RHEL)

yum install -y docker
systemctl enable docker
systemctl start docker

Version check

docker version

Image handling

# Pull an image
docker pull alpine
# Search public images
docker search nginx
# List local images
docker images
# Save an image to a tarball
docker save nginx > /tmp/nginx.tar.gz
# Load an image from a tarball
docker load < /tmp/nginx.tar.gz
# Remove an image
docker rmi -f nginx

Running containers

# Run a command in a new container
docker run centos echo "hello world"
# Interactive shell
docker run -it alpine sh
# Detached mode with a name
docker run -d --name test1 alpine
# Auto‑remove after exit
docker run --rm --name temp nginx

Attach / Exec

Attach (shares the same terminal): docker attach mynginx Exec (opens a new shell):

docker exec -it mynginx sh

Container management

List running containers: docker ps List all containers: docker ps -a Remove a container: docker rm <container_id> Inspect details: docker inspect mynginx View logs in real time:

docker logs -f mynginx

Network access example

# Inspect container to obtain its IP address
docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' mynginx
# Test HTTP service from the host
curl 172.17.0.3

8. References

https://cloud.tencent.com/developer/article/1006116

https://yq.aliyun.com/articles/65145

https://blog.51cto.com/10085711/2068290

https://www.cnblogs.com/zuxing/articles/8717415.html