Kevin Boone

October 2020

Container from scratch: building a Linux container from the ground up

Containers have become increasingly important for Linux developers and administrators. A number of frameworks like LXC, Docker, and Podman are now available to automate the management of containers. However, all these frameworks rely on similar kernel features, particularly control groups, namespaces, and virtual networks. This article demonstrates how to build a functional container from first principles, using only simple command-line tools. Its objective is to make clear all the details that the more sophisticated tools conceal.

Categories: Linux, containers

Why you can't rely on system calls to obtain limits, when running an application in a container

The notion of resource limits (on memory, CPU, etc.) has never been very well-defined, and the use of container-based deployment makes the situation worse. This article describes why, and what can be done about it.

Categories: Linux, containers

The importance of enabling compiler warnings in C and C++ programming

I see too many C (and C++) programs misbehave at runtime, for reasons that could easily have been detected using checks built into all modern compilers. This article describes some common C programming errors, and shows how they would have been spotted easily if the compiler were configured correctly.

Categories: software development, C