Rootless Containers
How it works
This section explains how Rootless Containers work under the hood.
- User Namespaces: for emulating root privileges that are needed for running containers
- Network Namespaces: for isolating network connections and IPC sockets
- OverlayFS: for deduplicating files
- Cgroups: for limiting consumption of CPUs, memory, IO, and PIDs.