Containerization

Containerization is where processes are sandboxed under Linux via 

namespaces
and cgroups—or via jails under BSDs—to limit the process's access to the larger system. Common features of this are limiting filesystem access via a changed root—commonly called a 
chroot
​—which changes the root of the filesystem as the process sees it to a specified path, restricting the process namespace, and other such changes to restrict the process.

Local Graph

org-roam a29f2f24-2eb7-45dd-ad90-b10d4df99191 Kernel Control Groups (cgroups) 77fd9b85-e09e-4011-b09c-e9a7bff5463e Containerization a29f2f24-2eb7-45dd-ad90-b10d4df99191->77fd9b85-e09e-4011-b09c-e9a7bff5463e 77fd9b85-e09e-4011-b09c-e9a7bff5463e->a29f2f24-2eb7-45dd-ad90-b10d4df99191 bf0bc2d7-17df-413c-823b-93904faffc58 Linux 77fd9b85-e09e-4011-b09c-e9a7bff5463e->bf0bc2d7-17df-413c-823b-93904faffc58 412bbcad-6c00-4f13-b748-d1ffde0588e1 Operating System 77fd9b85-e09e-4011-b09c-e9a7bff5463e->412bbcad-6c00-4f13-b748-d1ffde0588e1 a4c2de37-5317-44f3-b877-ec0b5777c61f File System 77fd9b85-e09e-4011-b09c-e9a7bff5463e->a4c2de37-5317-44f3-b877-ec0b5777c61f