Containerization has transformed the world of software development and deployment. Platforms like Docker leverage Linux kernel primitives, specifically Namespaces, Control Groups (cgroups), and Chroot, to provide robust isolation, resource management, and security.
This repository hosts a lightweight, educational container runtime built from scratch to demonstrate exactly how these underlying technologies work together.
We provide two equivalent implementations of the runtime. Each directory contains its own detailed documentation, usage instructions, and experimental proofs (isolation, memory/CPU limits).
The Systems Approach.
A concise, dependency-free implementation using raw Linux utilities (unshare, cgroupfs). Ideal for understanding the low-level system calls and OS interactions.
The Developer Approach. An implementation using Python. Designed for scientists or developers who prefer high-level abstractions over shell scripting while achieving the same kernel-level isolation.
This is an educational exploration, not a Docker replacement.
Real-world engines like Docker offer complex features such as layered file systems, container orchestration, and bridge networking. This project focuses solely on the foundational technologies (Namespaces & Cgroups) to provide a deeper understanding of what lies beneath the "magic" of containerization.
Developed as part of the Cloud Computing (M311) course at UM6P (University Mohammed VI Polytechnic).
Authors:
- Ilyas Hakkou
- Ilyas Boudhaine
Supervisor:
- Dr. Mohamed Riduan Abid