This talk explains containers from first principles and shows how the core Linux namespace primitives are assembled to form a container.
Talk Description:
This talk peels back the abstraction and explains containers from first principles, starting with how Linux runs processes and gradually building up the core isolation mechanisms that make containers possible.
Rather than treating containers as a product or a tool, this session focuses on the Linux kernel primitives behind them—specifically namespaces—and shows how these primitives are composed to form what we now call a container. The audience will learn how Linux selectively isolates global resources such as process IDs, filesystems, networks, hostnames, and users, allowing a single kernel to create multiple, independent “worlds” for processes.
Through simple mental models, visual explanations, and step-by-step reasoning, the talk demystifies how container runtimes work under the hood. Attendees will see how namespaces interact with each other, why some namespaces (PID and user) are hierarchical while others are not, and how combining them enables flexible, lightweight virtualization on a single shared kernel, without the overhead of traditional virtual machines. Because that kernel is shared, namespaces change what a process can see rather than what it is allowed to do, which is why real runtimes layer cgroups, capability drops, seccomp, and LSM policy on top of them.
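As an added illustration of the assembly described above (example code written for this page, not material from the talk), the following C program composes CLONE_NEW* flags from the namespace names used under /proc/<pid>/ns/, calls unshare(2), maps the caller to uid 0 inside the new user namespace, and forks a child that becomes PID 1 with its own hostname and its own /proc. It assumes a Linux host with unprivileged user namespaces enabled; the helper names, the `talkbox` hostname, and the `user,pid,mnt,uts` selection are the example's own choices.

```c
/* Assemble a minimal "container" from namespace primitives alone. Added example
 * for this page, not the talk's code. Assumes Linux with unprivileged user
 * namespaces enabled; no root needed. Helper names are the example's own. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/wait.h>

/* Kernel-ABI flag values (same as <sched.h> under _GNU_SOURCE), one per namespace. */
#define CLONE_NEWNS     0x00020000   /* mount */
#define CLONE_NEWCGROUP 0x02000000
#define CLONE_NEWUTS    0x04000000   /* hostname */
#define CLONE_NEWIPC    0x08000000
#define CLONE_NEWUSER   0x10000000
#define CLONE_NEWPID    0x20000000
#define CLONE_NEWNET    0x40000000
static const struct { const char *name; int flag; } ns_table[] = {
    { "user", CLONE_NEWUSER }, { "pid", CLONE_NEWPID }, { "mnt", CLONE_NEWNS },
    { "uts", CLONE_NEWUTS }, { "net", CLONE_NEWNET }, { "ipc", CLONE_NEWIPC },
    { "cgroup", CLONE_NEWCGROUP } };

/* "user,pid,mnt,uts" (the names under /proc/<pid>/ns/) -> unshare(2)/clone(2)
 * bitmask. Composing namespaces is just OR-ing flags; -1 on an unknown name. */
int flags_from_names(const char *spec)
{
    char buf[128];
    int flags = 0;
    if (!spec || strlen(spec) >= sizeof buf) return -1;
    strcpy(buf, spec);
    for (char *tok = strtok(buf, ","); tok; tok = strtok(NULL, ",")) {
        size_t i, n = sizeof ns_table / sizeof ns_table[0];
        for (i = 0; i < n && strcmp(tok, ns_table[i].name) != 0; i++) {}
        if (i == n) return -1;
        flags |= ns_table[i].flag;
    }
    return flags;
}

/* A namespace's identity is the inode behind /proc/<pid>/ns/<name>; two
 * processes share a namespace exactly when these match. Returns 0 on error. */
unsigned long ns_id(pid_t pid, const char *name)
{
    char path[64];
    struct stat st;
    snprintf(path, sizeof path, "/proc/%d/ns/%s", (int)pid, name);
    return stat(path, &st) == 0 ? (unsigned long)st.st_ino : 0;
}

/* Map our real uid/gid to 0 inside the new user namespace: root in there,
 * still the same unprivileged user as far as the host kernel is concerned. */
static int map_self_as_root(void)
{
    char uid[32], gid[32];
    snprintf(uid, sizeof uid, "0 %d 1", (int)getuid());
    snprintf(gid, sizeof gid, "0 %d 1", (int)getgid());
    const char *files[3][2] = { { "/proc/self/uid_map", uid },
        { "/proc/self/setgroups", "deny" }, { "/proc/self/gid_map", gid } };
    for (int i = 0; i < 3; i++) {   /* setgroups must be denied before gid_map */
        int fd = open(files[i][0], O_WRONLY);
        if (fd < 0 || write(fd, files[i][1], strlen(files[i][1])) < 0) { perror(files[i][0]); return -1; }
        close(fd);
    }
    return 0;
}

/* Run argv inside fresh namespaces; returns the child's exit status or -1. */
int run_isolated(int flags, const char *hostname, char *const argv[])
{
    if (syscall(SYS_unshare, flags) != 0) { perror("unshare"); return -1; }
    if ((flags & CLONE_NEWUSER) && map_self_as_root() != 0) return -1;
    pid_t child = fork();   /* CLONE_NEWPID applies to the next child: it is PID 1 */
    if (child < 0) { perror("fork"); return -1; }
    if (child == 0) {
        if (flags & CLONE_NEWUTS) sethostname(hostname, strlen(hostname));
        if ((flags & CLONE_NEWNS) && (flags & CLONE_NEWPID)) {
            /* Private propagation keeps the new /proc off the host; it then lists only this PID namespace. */
            mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL);
            if (mount("proc", "/proc", "proc", 0, NULL) != 0) perror("mount /proc");
        }
        execvp(argv[0], argv);
        perror("execvp");
        _exit(127);
    }
    int status;
    if (waitpid(child, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char *const argv[] = { "/bin/sh", "-c",
        "echo pid=$$ uid=$(id -u) host=$(cat /proc/sys/kernel/hostname)", NULL };
    printf("host view: pid ns %lu\n", ns_id(getpid(), "pid"));
    return run_isolated(flags_from_names("user,pid,mnt,uts"), "talkbox", argv);
}
```

Build it with a plain `cc` invocation and run it as an ordinary user. Where unprivileged user namespaces are enabled, the child prints `pid=1 uid=0 host=talkbox` while the host's hostname and process table are untouched, which is the "isolated view of the same kernel" idea in one process. On hosts that disable unprivileged user namespaces, or inside a container whose seccomp profile blocks unshare(2), the unshare call fails with EPERM and the program reports that rather than silently running unisolated; the order of operations (user namespace first, id mappings before fork, private mount propagation before mounting /proc) is exactly what a runtime has to get right.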
Target Audience: Anyone curious about Linux. No prior Docker or container knowledge required.
Talk Format:
Duration: 30–40 minutes
Style: Conceptual, first-principles, explanation-driven
Delivery: Architectural diagrams, simplified visuals, and minimal code snippets
Focus: Understanding over tooling
Key takeaways:
Understand containers as processes with isolated views of system resources
Explain what Linux namespaces are and why they exist
Identify the major namespace types (PID, mount, network, UTS, IPC, user, cgroup)
Understand how namespace isolation differs from Virtual Machines
Build a clear mental model of how container runtimes assemble namespaces to create containers