
Docker Internals: Demystifying Containers

PID namespaces :
  • Every running process sees only a limited set of resources. That limited set is defined by the namespace the process belongs to.
  • In the Linux kernel, PID namespaces are available only when the CONFIG_PID_NS option is enabled.
Network namespaces
  • Network support at the operating-system level consists of network interfaces and routing table entries. These resources are typically shared across the entire OS.
  • This default behaviour can be altered with network namespaces. With a particular namespace we can isolate access to the network interfaces and routing table entries mentioned above.
IPC namespace
  • Message queues, shared memory or socket communication can all be isolated with the IPC namespace support provided by the operating system.

MNT namespace :
  • Mount is a process abstraction which enables access to storage devices. The notion of a mount namespace enables the OS to present isolated filesystems to the processes that are executing.

UTS namespace
  • UTS stands for UNIX Timesharing System. The idea is that, at different instants in time, the software appears to present a different computing machine.
  • Within a UTS namespace we have a different hostname.

With the PID, NET, IPC, MNT and UTS namespaces we can create virtual environments within a single operating system. Such environments are called "CONTAINERS".
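To check which of these five namespaces actually separate a process from the host, compare the namespace identifiers Linux exposes under /proc/<pid>/ns. The following is an added example, not code from the original post; the function names and the sample inode numbers are constructed for illustration.

```python
import os
import re

# The five namespace types this post lists as the building blocks of a container.
CONTAINER_NS = ("pid", "net", "ipc", "mnt", "uts")
_LINK = re.compile(r"^(\w+):\[(\d+)\]$")


def parse_ns_link(target):
    """Split a /proc/<pid>/ns/* symlink target such as 'uts:[4026531838]'."""
    m = _LINK.match(target)
    if not m:
        raise ValueError(f"not a namespace link: {target!r}")
    return m.group(1), int(m.group(2))


def read_namespaces(pid="self"):
    """Return {type: inode} for a live process (Linux only; other users' PIDs need privileges)."""
    out = {}
    for name in CONTAINER_NS:
        ns_type, inode = parse_ns_link(os.readlink(f"/proc/{pid}/ns/{name}"))
        out[ns_type] = inode
    return out


def isolation_report(reference, candidate):
    """Map each namespace type to True when candidate is in a different namespace than reference."""
    return {ns: reference[ns] != candidate[ns] for ns in CONTAINER_NS}


# Constructed sample link targets (inode numbers are made up for illustration).
HOST_LINKS = ["pid:[4026531836]", "net:[4026531840]", "ipc:[4026531839]",
              "mnt:[4026531841]", "uts:[4026531838]"]
# A process that shares the host's network namespace; the other four are private.
PROC_LINKS = ["pid:[4026532201]", "net:[4026531840]", "ipc:[4026532200]",
              "mnt:[4026532198]", "uts:[4026532199]"]

if __name__ == "__main__":
    host = dict(parse_ns_link(t) for t in HOST_LINKS)
    proc = dict(parse_ns_link(t) for t in PROC_LINKS)
    for ns, isolated in isolation_report(host, proc).items():
        print(f"{ns:4} {'isolated' if isolated else 'SHARED with host'}")
```

On a live system, `isolation_report(read_namespaces(1), read_namespaces(pid))` gives the same view for a real process; a namespace reported as shared means the container boundary does not cover that resource.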
