How containers work!

Julia Evans
234 ratings

When you first start using containers, they seem really weird. Is it a process? A virtual machine? What’s a container image? Why isn’t the networking working? I’m on a Mac but it’s somehow running Linux sort of? And now it’s written a million files to my home directory as root? What’s HAPPENING?

And you’re not wrong. Containers seem weird because they ARE really weird. They’re not just one thing, they’re what you get when you glue together 6 different features that were mostly designed to work together but have a bunch of confusing edge cases.

This zine explains EXACTLY what happens when you run a container on your computer. It turns out that there are only a few big ideas you need to understand what’s going on (images! overlay filesystems! capabilities! pivot_root! cgroups! namespaces! seccomp-bpf!).

Once you understand these fundamentals, you’ll be able to go from “um, my container got killed??? why??? help!!!” to “oh, we set the cgroup memory limit too low! I’ll just look up how to adjust it!”

Print directions: see

Some people have told me that the emails from Gumroad after buying the zine end up in their spam folder, so check there if you don't see it!

You can find me on Twitter at and my email address is

This product is not currently for sale.
234 ratings


(234 ratings)
5 stars
4 stars
3 stars
2 stars
1 star
Powered by


How containers work!

Enter your info to complete your purchase of Personal


or pay with
You'll be charged US$12.