simos
commented
10 months ago A Linux system is made of the Linux kernel, an init process (mother of all processes) and the rootfs (root filesystem). The Linux kernel boots up, finishes the core kernel initializations and then runs the init process from the rootfs. From then on, several processes are started and you have a working Linux system. You can view all these processes as a process tree, processes started by other processes, all leading to the initial mother process. One example of init process is systemd, which makes sense for desktop Linux systems and servers.
Is it possible to have more than one Linux system on a Linux system? On a running Linux system you could launch a init-compatible process on a separate rootfs. Well, these are the containers. In practice you would need to separate one such running process tree from another so they do not interfere with each other. This is performed using a Linux kernel feature called namespaces.
One application of containers is the application containers (pun intended), like Docker. The init has been optimized so that it runs only the specific things that you have described in the Dockerfile. When it is done running, the application container stops.
Another application of containers is the system containers, like incus. You have many options for a rootfs that much most of the Linux distributions. They also run the stock init of these Linux distributions. You launch a system container and it stays running until you shut it down. Just like with a Linux system or a VM.
Can you mess up the distinction even further? Sure you can. You can take Docker, replace the init process with something else and you get system containers.
All in all, with containers you are reusing the running Linux kernel to launch new process trees of different rootfs. The Linux kernel has a very stable API so any Linux distribution should work. The namespaces are separating each process tree for messing with each other. A container never includes a Linux kernel. A container expects that a Linux kernel is already running.
Namespaces can also be nested. You can run a namespace in a namespace. This means that you can run a container within a container. An incus server inside an incus container. Docker inside an incus container.
ShalokShalom
I am currently improving this page of documentation, and like to understand some aspects of it first myself, so I can do that.
My assumption is, that most people come from a world, that consists mainly of containers and VMs. I did not read before, that there may be a difference between something like an application container, and a system container.
I struggle to understand, what a system container contains, that an application container doesn't.
As far as I am aware, a Docker container always contains an operating system - including a file system, a certain userland, and the application itself.
Only the kernel is left to the host. So now I am reading, that there is a distinction between two types of container, and the provided documentation is not really going into the details, what parts are shared and what not.
From the limited information provided, do I assume that the difference is simply, that system containers allow to run multiple applications side by side and within the same container.
So it basically groups applications, and is besides this, still a container? A multi-app container?
In order to improve the understanding of this page, do I consider making a table in Markdown. I also seek to retain the black text of the provided images, and that one disappears in dark mode.
The images in question are both svg with a transparent background. We would need to rerender them with an opaque background, to work.