Linux Containers
Basic Concepts

Lucian Carata
FRESCO Talklet, 3 Oct 2014

Underlying kernel mechanisms

cgroups: manage resources for groups of processes
namespaces: per process resource isolation
seccomp: limit available system calls
capabilities: limit available privileges
CRIU: checkpoint/restore (with kernel support)

cgroups - user space view

low-level filesystem interface similar to sysfs (/sys) and