Docker takes advantage of various linux sandboxing features. On a linux bare metal host it's just a combination of namespaces and resource constraints (cgroups) whereas on other platforms it will have to be the above within a bonafide VM running a linux kernel. The general rule is that linux maintains backward compatability even in ABI so as long as the host kernel is the same or newer than the image requirements it should just work. Things wont work for example if your image requires iouring (a brand new syscall interface) but your host OS is running 4.x (doesn't map iouring syscalls to anything).
No comments yet.