{"id":476411,"date":"2023-08-09T07:29:55","date_gmt":"2023-08-09T07:29:55","guid":{"rendered":""},"modified":"2023-09-05T11:12:42","modified_gmt":"2023-09-05T11:12:42","slug":"container-isolation","status":"publish","type":"wiki","link":"https:\/\/oneproxy.pro\/jp\/wiki\/container-isolation\/","title":{"rendered":"\u30b3\u30f3\u30c6\u30ca\u306e\u5206\u96e2"},"content":{"rendered":"

\u30b3\u30f3\u30c6\u30ca\u306e\u5206\u96e2\u3068\u306f\u3001\u500b\u3005\u306e\u30b3\u30f3\u30c6\u30ca\u3092\u4e92\u3044\u306b\u3001\u307e\u305f\u30db\u30b9\u30c8 \u30b7\u30b9\u30c6\u30e0\u304b\u3089\u5206\u96e2\u3057\u3066\u9694\u96e2\u3059\u308b\u30e1\u30ab\u30cb\u30ba\u30e0\u3092\u6307\u3057\u307e\u3059\u3002\u30b3\u30f3\u30c6\u30ca\u306e\u5206\u96e2\u306f\u3001\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2 \u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3068\u57fa\u76e4\u3068\u306a\u308b\u30b7\u30b9\u30c6\u30e0\u74b0\u5883\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u3068\u6574\u5408\u6027\u3092\u78ba\u4fdd\u3059\u308b\u305f\u3081\u306b\u4e0d\u53ef\u6b20\u3067\u3059\u3002<\/p>\n

\u30b3\u30f3\u30c6\u30ca\u5206\u96e2\u306e\u9032\u5316\u3068\u6700\u521d\u306e\u8a00\u53ca<\/h2>\n

\u30b3\u30f3\u30c6\u30ca\u5206\u96e2\u306e\u30a2\u30a4\u30c7\u30a2\u306f\u3001\u30aa\u30da\u30ec\u30fc\u30c6\u30a3\u30f3\u30b0 \u30b7\u30b9\u30c6\u30e0\u306b\u304a\u3051\u308b\u30d7\u30ed\u30bb\u30b9\u5206\u96e2\u306e\u5fc5\u8981\u6027\u304b\u3089\u751f\u307e\u308c\u307e\u3057\u305f\u30021982 \u5e74\u306b Unix \u7cfb\u30b7\u30b9\u30c6\u30e0\u5411\u3051\u306b\u958b\u767a\u3055\u308c\u305f Chroot \u306f\u3001\u30b3\u30f3\u30c6\u30ca\u5316\u306b\u5411\u3051\u305f\u6700\u521d\u306e\u5927\u304d\u306a\u4e00\u6b69\u3067\u3057\u305f\u304c\u3001\u5206\u96e2\u306f\u9650\u5b9a\u7684\u3067\u3057\u305f\u3002<\/p>\n

\u30b3\u30f3\u30c6\u30ca\u5206\u96e2\u306e\u73fe\u4ee3\u7684\u306a\u6982\u5ff5\u306f\u3001FreeBSD jail \u3068 Solaris Zones \u306e\u5c0e\u5165\u306b\u3088\u308a 2000 \u5e74\u4ee3\u521d\u982d\u306b\u767b\u5834\u3057\u307e\u3057\u305f\u3002\u3057\u304b\u3057\u3001\u30b3\u30f3\u30c6\u30ca\u5316\u304c\u672c\u683c\u7684\u306b\u666e\u53ca\u3057\u59cb\u3081\u305f\u306e\u306f\u30012008 \u5e74\u306b Linux Containers (LXC) \u304c\u5c0e\u5165\u3055\u308c\u3066\u304b\u3089\u3067\u3057\u305f\u3002LXC \u306f\u3001\u5358\u4e00\u306e Linux \u30db\u30b9\u30c8\u4e0a\u3067\u8907\u6570\u306e\u5206\u96e2\u3055\u308c\u305f Linux \u30b7\u30b9\u30c6\u30e0 (\u30b3\u30f3\u30c6\u30ca) \u3092\u5b9f\u884c\u3067\u304d\u308b\u4eee\u60f3\u74b0\u5883\u3092\u4f5c\u6210\u3059\u308b\u305f\u3081\u306b\u8a2d\u8a08\u3055\u308c\u307e\u3057\u305f\u3002<\/p>\n

\u300c\u30b3\u30f3\u30c6\u30ca\u5206\u96e2\u300d\u3068\u3044\u3046\u7528\u8a9e\u306f\u30012013 \u5e74\u306e Docker \u306e\u767b\u5834\u306b\u3088\u308a\u811a\u5149\u3092\u6d74\u3073\u308b\u3088\u3046\u306b\u306a\u308a\u307e\u3057\u305f\u3002Docker \u306f\u521d\u671f\u6bb5\u968e\u3067\u306f LXC \u3092\u5229\u7528\u3057\u3066\u3044\u307e\u3057\u305f\u304c\u3001\u305d\u306e\u5f8c\u72ec\u81ea\u306e\u30e9\u30a4\u30d6\u30e9\u30ea\u3067\u3042\u308b libcontainer \u306b\u7f6e\u304d\u63db\u3048\u307e\u3057\u305f\u3002<\/p>\n

\u30b3\u30f3\u30c6\u30ca\u5206\u96e2\u306e\u8a73\u7d30<\/h2>\n

\u30b3\u30f3\u30c6\u30ca\u5206\u96e2\u3068\u306f\u3001\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u304c\u4e92\u3044\u306b\u5e72\u6e09\u3059\u308b\u3053\u3068\u306a\u304f\u5b9f\u884c\u3067\u304d\u308b\u72ec\u7acb\u3057\u305f\u30b9\u30da\u30fc\u30b9\u3092\u4f5c\u6210\u3059\u308b\u3053\u3068\u3067\u3059\u3002\u3053\u308c\u306b\u306f\u3001\u540d\u524d\u7a7a\u9593\u3001cgroup (\u30b3\u30f3\u30c8\u30ed\u30fc\u30eb \u30b0\u30eb\u30fc\u30d7)\u3001\u968e\u5c64\u5316\u30d5\u30a1\u30a4\u30eb \u30b7\u30b9\u30c6\u30e0\u306a\u3069\u3001\u3044\u304f\u3064\u304b\u306e\u624b\u6cd5\u3068 Linux \u30ab\u30fc\u30cd\u30eb\u6a5f\u80fd\u304c\u4f7f\u7528\u3055\u308c\u307e\u3059\u3002<\/p>\n

    \n
  1. \n

    \u540d\u524d\u7a7a\u9593:<\/strong> \u540d\u524d\u7a7a\u9593\u306f\u30d7\u30ed\u30bb\u30b9\u304c\u53c2\u7167\u3067\u304d\u308b\u5185\u5bb9\u3092\u5236\u9650\u3057\u3001\u30aa\u30da\u30ec\u30fc\u30c6\u30a3\u30f3\u30b0 \u30b7\u30b9\u30c6\u30e0\u306e\u74b0\u5883\u306b\u5bfe\u3059\u308b\u30d7\u30ed\u30bb\u30b9\u306e\u30d3\u30e5\u30fc\u3092\u5206\u96e2\u3057\u307e\u3059\u3002\u540d\u524d\u7a7a\u9593\u306b\u306f\u3001\u30d7\u30ed\u30bb\u30b9 ID (PID) \u540d\u524d\u7a7a\u9593\u3001\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u540d\u524d\u7a7a\u9593\u3001\u30de\u30a6\u30f3\u30c8\u540d\u524d\u7a7a\u9593\u3001\u30e6\u30fc\u30b6\u30fc\u540d\u524d\u7a7a\u9593\u306a\u3069\u3001\u3055\u307e\u3056\u307e\u306a\u7a2e\u985e\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n<\/li>\n

  2. \n

    C\u30b0\u30eb\u30fc\u30d7:<\/strong> \u30b3\u30f3\u30c8\u30ed\u30fc\u30eb \u30b0\u30eb\u30fc\u30d7\u306f\u3001\u30d7\u30ed\u30bb\u30b9\u304c\u4f7f\u7528\u3067\u304d\u308b\u3082\u306e (CPU\u3001\u30e1\u30e2\u30ea\u3001\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u5e2f\u57df\u5e45\u306a\u3069) \u3092\u5236\u9650\u3057\u307e\u3059\u3002\u307e\u305f\u3001\u30ea\u30bd\u30fc\u30b9\u306e\u4f7f\u7528\u72b6\u6cc1\u306e\u512a\u5148\u9806\u4f4d\u4ed8\u3051\u3084\u8a08\u7b97\u306b\u3082\u5f79\u7acb\u3061\u307e\u3059\u3002<\/p>\n<\/li>\n

  3. \n

    \u968e\u5c64\u5316\u30d5\u30a1\u30a4\u30eb\u30b7\u30b9\u30c6\u30e0:<\/strong> \u3053\u308c\u3089\u306f\u30a4\u30e1\u30fc\u30b8 \u30ec\u30a4\u30e4\u30fc\u306e\u5206\u96e2\u3068\u30aa\u30fc\u30d0\u30fc\u30ec\u30a4\u3092\u53ef\u80fd\u306b\u3057\u3001Docker \u30a4\u30e1\u30fc\u30b8\u3068\u30b3\u30f3\u30c6\u30ca\u30fc\u306e\u7ba1\u7406\u306b\u4e0d\u53ef\u6b20\u3067\u3059\u3002<\/p>\n<\/li>\n<\/ol>\n

    \u30b3\u30f3\u30c6\u30ca\u5206\u96e2\u306e\u5185\u90e8\u69cb\u9020\u3068\u305d\u306e\u4ed5\u7d44\u307f<\/h2>\n

    \u30a2\u30fc\u30ad\u30c6\u30af\u30c1\u30e3\u306e\u89b3\u70b9\u304b\u3089\u898b\u305f\u30b3\u30f3\u30c6\u30ca\u306e\u5206\u96e2\u306f\u3001\u6b21\u306e\u30b3\u30f3\u30dd\u30fc\u30cd\u30f3\u30c8\u3092\u4f7f\u7528\u3057\u3066\u5b9f\u73fe\u3055\u308c\u307e\u3059\u3002<\/p>\n

      \n
    1. \n

      \u30b3\u30f3\u30c6\u30ca\u30e9\u30f3\u30bf\u30a4\u30e0:<\/strong> \u3053\u308c\u306f\u3001Docker\u3001Containerd\u3001CRI-O \u306a\u3069\u306e\u30b3\u30f3\u30c6\u30ca\u3092\u5b9f\u884c\u304a\u3088\u3073\u7ba1\u7406\u3059\u308b\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u3067\u3059\u3002<\/p>\n<\/li>\n

    2. \n

      \u30b3\u30f3\u30c6\u30ca\u30a4\u30e1\u30fc\u30b8:<\/strong> \u3053\u308c\u3089\u306f\u3001\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u3092\u5b9f\u884c\u3059\u308b\u305f\u3081\u306b\u5fc5\u8981\u306a\u3082\u306e\u304c\u3059\u3079\u3066\u542b\u307e\u308c\u305f\u3001\u8efd\u91cf\u3067\u30b9\u30bf\u30f3\u30c9\u30a2\u30ed\u30f3\u306e\u5b9f\u884c\u53ef\u80fd\u30d1\u30c3\u30b1\u30fc\u30b8\u3067\u3059\u3002<\/p>\n<\/li>\n

    3. \n

      \u30b3\u30f3\u30c6\u30ca\u30a8\u30f3\u30b8\u30f3:<\/strong> \u3053\u308c\u306f\u3001\u30db\u30b9\u30c8 \u30b7\u30b9\u30c6\u30e0\u306e\u30ab\u30fc\u30cd\u30eb\u3092\u6d3b\u7528\u3057\u3066\u30b3\u30f3\u30c6\u30ca\u30fc\u3092\u4f5c\u6210\u3059\u308b\u57fa\u76e4\u3068\u306a\u308b\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u3067\u3059\u3002<\/p>\n<\/li>\n<\/ol>\n

      \u30b3\u30f3\u30c6\u30ca\u5206\u96e2\u306e\u30ef\u30fc\u30af\u30d5\u30ed\u30fc\u306b\u306f\u3001\u6b21\u306e\u624b\u9806\u304c\u542b\u307e\u308c\u307e\u3059\u3002<\/p>\n

        \n
      1. \u30b3\u30f3\u30c6\u30ca \u30e9\u30f3\u30bf\u30a4\u30e0\u306f\u5fc5\u8981\u306a\u30b3\u30f3\u30c6\u30ca \u30a4\u30e1\u30fc\u30b8\u3092\u30d7\u30eb\u3057\u307e\u3059\u3002<\/li>\n
      2. \u30a4\u30e1\u30fc\u30b8\u304c\u30b3\u30f3\u30c6\u30ca \u30a8\u30f3\u30b8\u30f3\u306b\u8aad\u307f\u8fbc\u307e\u308c\u307e\u3059\u3002<\/li>\n
      3. \u30b3\u30f3\u30c6\u30ca \u30a8\u30f3\u30b8\u30f3\u306f\u3001\u540d\u524d\u7a7a\u9593\u3001cgroup\u3001\u304a\u3088\u3073\u30a4\u30e1\u30fc\u30b8\u306e\u30d5\u30a1\u30a4\u30eb \u30b7\u30b9\u30c6\u30e0\u3092\u4f7f\u7528\u3057\u3066\u5206\u96e2\u3055\u308c\u305f\u74b0\u5883\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/li>\n
      4. \u30b3\u30f3\u30c6\u30ca\u5185\u306e\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306f\u3001\u4ed6\u306e\u30b3\u30f3\u30c6\u30ca\u3084\u30db\u30b9\u30c8 \u30b7\u30b9\u30c6\u30e0\u304b\u3089\u5206\u96e2\u3055\u308c\u3066\u5b9f\u884c\u3055\u308c\u307e\u3059\u3002<\/li>\n<\/ol>\n

        \u30b3\u30f3\u30c6\u30ca\u5206\u96e2\u306e\u4e3b\u306a\u7279\u5fb4<\/h2>\n