At LinuxCon 2013 I gave a talk that dissects “Linux Containers” into its component parts in the Kernel: cgroups and namespaces. The talk shows how cgroups act as the “accounting bean counter” and namespaces as the “castle walls” that isolate processes from each other.
If you are already familiar with the basics of namespaces and cgroups, I show off some tools like systemd-nspawn. Skip to the end to catch the demos.