10

As I understand, a Docker image (and consequently, a container) can be instantiated from different Linux distributions, such as Ubuntu, CentOS and others.

Let's say my Docker host is running standard Ubuntu 14.04.

  • What happens if I use container that is not based on the same Linux distribution?
  • Not 14.04?
  • Not Ubuntu (or any other Debian-based)?
  • What are the disadvantages of using different base-images of images you use? (Let's say I use Image A that uses Ubuntu as a base image, Image B that used Debian as base image and Image C that uses CentOS as base image)?

Bonus question: How can I tell what base image was used for an image if the developer didn't specify it in the Docker Hub description?

Improve this question

3 Answers 3

Reset to default
9

Docker does not use LXC (not since Docker 0.9) but libcontainer (now runc), a built-in execution driver which manipulates namespaces, control groups, capabilities, apparmor profiles, network interfaces and firewalling rules – all in a consistent and predictable way, and without depending on LXC or any other userland package.

A docker image represents a set of files winch will run as a container in their own memory and disk and user space, while accessing the host kernel.
This differs from a VM, which does not access the host kernel but includes its own hardware/software stack through its hypervisor.
A container has just to set limits (disk, memory, cpu) in the host. An actual VM has to build an entire new host.

That docker image (group of files) can be anything, as long as:

That means an image can be anything: another linux distro, or even a single executable file. Any executable compile in go (https://golang.org/) for instance, could be packaged in its own docker image without any linux distro:

FROM scratch COPY my_go_exe / ENTRYPOINT /my_go_exe

scratch is the "empty" image, and a go executable is statically linked, so it is self-contained and only depends on system calls to the kernel.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Thank you for the answer, it is now much clear now! So why people keep saying that it is good Idea to instantiate all your images from same base image? Chris Pitman gave pretty reasonable answer in this thread, do you agree with what said?
@SmxCde As long as your kernel is "recent enough" (3.14 or more), the base image should not matter. Starting from the same base image would only help in not consuming too much space in /var/lib/docker/images on the host, but beside that, you can use as many base image as you want. (with Chris' caveat about security)
6

The main thing shared between the host OS and docker container is the kernel. The main risk of running docker containers from different distributions/versions is that they may depend on kernel functionality not present on the host system, for example if the container expects a newer kernel than the host has installed.

In theory, the Linux kernel is backwards compatible. As long as the host kernel is newer than the container kernel it should work.

From an operational perspective, each time you start depending on a different base image that is another dependency that you need to monitor for updates and security issues. Standardizing on one distribution reduces the workload for your ops team when the next big vulnerability is discovered.

Improve this answer

Comments

2

Docker uses LXC, which is an operating-system-level virtualization method for running multiple isolated Linux systems (containers) on a control host using a single Linux kernel.

You can compare this to a VM on your machine, where you start another Linux distro, which does not have to be the same as your host OS. So it does not matter, if your host os is the same as the base image of your container.

In Docker, the container is built from layers. Each step (command) in your Dockerfile represent one layer, which are applied one after the other. The first step ist to apply the base OS layer, which is indicated by FROM.

So to answer your bonus question, you can have a look inside the Dockerfile of the container you're using (it's the third tab on DockerHub) and see in the first statement, which is the base image (os).

Improve this answer

2 Comments

Thank you for the answer! But so far what you are saying is a bit confusing for me. Since I started to learn about the Docker I see that they position themselves as software that is not VM, for example take a look at this picture: i.imgur.com/MJHfm1c.jpg and you are saying that it is some kind of VM on OS level, or similar to it. I understand that my question may be silly but I an not a ops or any kind of linux guy so sorry about that ;)
Maybe it would be more clear for me if you could just explain difference between real VM and what Docker with LXC does, or advantages of using a) Same distributive as on host machine b) same base image for all my docker containers, as I understand it is recommended... thank you!

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.