LXR is a Linux Container Runtime and browser-accessible development environment that I built from scratch using Linux namespaces, cgroups, networking, PTY execution and isolated root filesystems.
In this talk, I’ll be explaining how LXR works internally and the problems I faced while building it from scratch. I’ll talk about
- Container isolation using namespaces & cgroups
- Filesystem isolation with pivot_root and OverlayFS
- Bridge networking using veth pairs
- PTY based terminal execution
- Container lifecycle management
- Browser-accessible development environments using code-server
- Custom O(1) IP allocator I built for container networking.
I’ll also share the painful parts of building LXR with namespace restrictions that completely confused me at first, networking bugs that took hours to debug, PTY issues, filesystem problems, containers randomly breaking at 2am, and the amount of trial and error it took before containers finally started behaving properly.
This talk is mostly about understanding what actually happens internally when a container gets created instead of treating containers like black-box tooling.