To understand containers, you first need a little
background on exactly how your operating system runs on your computer.
This is a brief overview of the operating system on a computer,
as shown in Figure 1.

Most operating systems have what is called a kernel. The kernel is a running piece of software that handles access between all the programs running on your computer and all the physical hardware connected to it.
If you have ever used Node.js and written a file to disk, it is technically not Node.js talking directly to the physical device; Node.js tells the kernel, "I want to write a file to disk", and the kernel takes that request and eventually carries it out on the disk. So the kernel is always an intermediate layer that controls access between programs and the actual hardware.
Programs interact with the kernel through what are called system calls. They are essentially like function calls (they run code in the kernel on the program's behalf).
The kernel exposes various endpoints: if you want to write a file to disk, call this endpoint; it needs a certain amount of information, and that information is eventually written to disk or memory, and so on.
Let us take an imaginary example, as shown in Figure 2. Suppose Chrome needs Python v2 to run and Node.js needs Python v3, we have Python v2 installed on our disk, and the system does not allow two Python installations in the same place at the same time.

How can we solve this problem? One way is to use a feature
of the operating system known as namespacing. With namespacing, we can look
at all the hardware resources connected to our computer and
segment parts of those resources: we can create a segment of our
hard drive specifically to house Python v2 and another to house Python v3,
so that Chrome has access to the segment that contains Python v2 and Node.js
has access to the segment that contains Python v3. Every time one
of them makes a system call to read information from disk, the kernel looks at
the incoming system call, figures out which process it is coming
from, and directs it to that process's segment, as displayed in Figure 3.

By using this kind of namespace (segmentation) feature, we can ensure that Chrome and Node.js operate on the same machine without conflict.
Namespacing says that this area of disk is dedicated to this process, while control groups (cgroups) limit how much of a resource a process can use: memory, CPU, and disk.
So these two features together can be used to isolate a
single process and limit the resources it can use.
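The kernel exposes exactly this per-process view of namespaces and cgroups under /proc, and reading it is how a defender checks that a "contained" process really is separated from the rest of the machine. The following is an added example, not code from the article: it parses the /proc/<pid>/ns/* symlink targets and the /proc/<pid>/cgroup file and reports which namespaces two processes still share (it assumes a Linux /proc and falls back to empty results elsewhere).

```python
from __future__ import annotations
import os
import re

NS_KINDS = ("pid", "mnt", "net", "uts", "ipc", "user", "cgroup")


def parse_ns_link(target: str) -> tuple[str, int]:
    """/proc/<pid>/ns/<kind> is a symlink to e.g. 'pid:[4026531836]';
    the number is the namespace inode, which identifies the namespace."""
    m = re.fullmatch(r"(\w+):\[(\d+)\]", target)
    if not m:
        raise ValueError(f"unexpected namespace link target: {target!r}")
    return m.group(1), int(m.group(2))


def parse_cgroup_file(text: str) -> dict[str, str]:
    """Parse /proc/<pid>/cgroup lines 'hierarchy-id:controllers:path'.
    cgroup v2 shows a single line '0::/path' with an empty controller list."""
    groups = {}
    for line in text.splitlines():
        if line.strip():
            _hid, controllers, path = line.split(":", 2)
            groups[controllers or "v2"] = path
    return groups


def namespace_ids(pid: int | str = "self") -> dict[str, int]:
    """Namespace inode per kind for a live process. Empty when /proc is
    absent (non-Linux) or the target process is not readable by us."""
    ids = {}
    for kind in NS_KINDS:
        try:
            _, inode = parse_ns_link(os.readlink(f"/proc/{pid}/ns/{kind}"))
        except OSError:
            continue
        ids[kind] = inode
    return ids


def shared_namespaces(a: dict[str, int], b: dict[str, int]) -> list[str]:
    """Namespace kinds where both processes have the same inode, i.e. the
    kinds in which they are NOT isolated from each other."""
    return sorted(k for k in a if k in b and a[k] == b[k])


if __name__ == "__main__":
    # Inside a container with its own pid namespace, "pid" is absent from this
    # list; a container that shares the host's pid namespace would still show it.
    print("shared with PID 1:", shared_namespaces(namespace_ids(), namespace_ids(1)))
    if os.path.exists("/proc/self/cgroup"):
        with open("/proc/self/cgroup") as f:
            print("cgroup membership:", parse_cgroup_file(f.read()))
```

Run it on the host and again inside a container: the namespaces that disappear from the shared list are the isolation the text describes, and the cgroup path is where the resource limits for that process are attached.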


But namespacing and control groups
(cgroups) are not standard in all operating systems; they are specific to the Linux
kernel, not Windows or macOS. How containers can be created on
Windows and macOS will be discussed in the next article.