Docker is a long-lived daemon process with a thin CLI client which makes it easy to
clone() new processes with their own PID namespaces, network interfaces, root filesystem, mounts, and hostname.
A docker image contains a filesystem tree (actually an aufs filesystem, which allows one image to be implemented as a "layer" on top of another, more "base" image).
A Dockerfile is a list of instructions for building a docker image.
A "running" docker container is a process, created with clone(), with its own separate:
- mnt namespace (root directory, mount) based on a docker image
- PID namespace (the process is PID 1)
- IPC namespace
A container lives on in a "stopped" state even after the process exits. You can start a new process within this container later.
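
The clone() call described above, as an added example that is not part of the original notes or of Docker's own code: it clones a child into new mnt, PID and IPC namespaces and reports the PID the child sees, alongside a check for whether two processes share a namespace. It assumes Linux with glibc and /proc mounted; the function names are hypothetical, and clone() fails with EPERM when the caller lacks CAP_SYS_ADMIN.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

#define STACK_SIZE (256 * 1024)

/* 1 if PIDs a and b share the namespace `ns` ("mnt", "pid", "ipc"),
 * 0 if they do not, -errno if /proc could not be read. */
int same_namespace(pid_t a, pid_t b, const char *ns) {
    char pa[64], pb[64];
    struct stat sa, sb;
    snprintf(pa, sizeof pa, "/proc/%d/ns/%s", (int)a, ns);
    snprintf(pb, sizeof pb, "/proc/%d/ns/%s", (int)b, ns);
    if (stat(pa, &sa) < 0 || stat(pb, &sb) < 0) return -errno;
    /* Two namespace links name the same namespace iff device and inode match. */
    return sa.st_dev == sb.st_dev && sa.st_ino == sb.st_ino;
}

/* Entry point of the cloned child; its exit status is the PID it sees. */
static int child_main(void *arg) {
    (void)arg;
    return (int)getpid(); /* 1 inside a fresh PID namespace */
}

/* clone() a child into new mnt, PID and IPC namespaces.
 * Returns the PID the child saw for itself, or -errno on failure. */
int pid_seen_in_new_namespaces(void) {
    char *stack = malloc(STACK_SIZE);
    if (!stack) return -ENOMEM;
    int flags = CLONE_NEWNS | CLONE_NEWPID | CLONE_NEWIPC | SIGCHLD;
    pid_t child = clone(child_main, stack + STACK_SIZE, flags, NULL);
    int err = errno, status = 0;
    if (child > 0 && waitpid(child, &status, 0) < 0) err = errno, child = -1;
    free(stack);
    if (child < 0) return -err;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -ECHILD;
}

int main(void) {
    printf("shares pid ns with parent: %d\n", same_namespace(getpid(), getppid(), "pid"));
    int r = pid_seen_in_new_namespaces();
    if (r < 0) printf("clone() failed: errno %d\n", -r);
    else printf("child saw itself as PID %d\n", r);
    return 0;
}
```

Comparing a process against PID 1 of the host with `same_namespace` is a quick way to tell whether that process is running in its own namespaces.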