Docker Containers and underlying OS

Hi All,
I have a doubt on how Docker runs the images.
From the course here I understand that every image or its base image must contain an OS image. In this case, while running the container, does Docker need to link the underlying OS kernel from the Host machine?

Another scenario: if someone builds an image of the application only, without any OS image (even in the base image), then will this image be able to run in a container? If yes, then which OS will Docker use to run this application in the image? If Docker will use the underlying host OS kernel, then that Application image must be compatible with the Host machine OS kernel… right?

Hi animaity,

An OCI container image (aka “Docker image”) is a stand-alone data structure. Once that file has been created with docker build, it doesn’t need anything other than a container runtime (aka docker engine, containerd, cri-o, etc) to run.

A container image is usually built from another “base” image, e.g. it’s defined by a Dockerfile starting with

    FROM alpine

In this case, the resulting image would be based on an Alpine OS based image.

Basing an image on another should only be done when the resulting image needs something from that base - other binaries, data files, or shared libraries. If a developer knows exactly what they want, instead of basing on another image, the image can be based on nothing:

    FROM scratch

The resulting image will be smaller and specific to the desired task, but the developer will have to copy in each dependency that they want. Many of the “official” images are like this - see the Debian Jessie Dockerfile as an example.

Thanks for the reply. My further query is only related to the images built “FROM scratch”.

OS is always a dependency for each image to run. So, from the answer above I see that the OS has to be incorporated within the image itself even if it is built “FROM scratch”.

Now, while explaining the reason why Docker runtime is faster than VM, I think there was a point that:
Docker Runtime is capable of linking Host Machine’s OS Kernel with the container.
VM instead has its own fully loaded OS on top of Host Machine OS, that makes VM slower than Docker.

But here, I am getting the feeling that Docker Runtime does not depend on the Host Machine OS at all as it always gets an OS image within the running container…!?
I wanted to know from this perspective of Docker Runtime.

For a VM, it is very clear that each program command is interpreted by both OSes (VM + host).
For Docker Runtime, how is each command of the container program executed by the CPU? Can you please point to some article on this? This remains a grey area.
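What a process in a `FROM scratch` image gets from the host and what it gets from the image, as an added example that is not part of the original thread: the kernel release is answered by the host's kernel through the `uname(2)` system call, while a distribution name exists only if the image ships `/etc/os-release`. The probe and its function names are hypothetical; it assumes a Linux host and a static build (for example `gcc -static`) so that the binary can be the only file in the image.

```c
/* Added example (hypothetical probe): what a containerized process gets
 * from the host kernel versus from the image's filesystem. */
#include <stdio.h>
#include <string.h>
#include <sys/utsname.h>

/* The kernel release is answered by uname(2), a system call served by the
 * one running kernel: the host's. Returns 0 on success, -1 on failure. */
int kernel_release(char *out, size_t n)
{
    struct utsname u;
    if (n == 0 || uname(&u) != 0)
        return -1;
    snprintf(out, n, "%s %s", u.sysname, u.release);
    return 0;
}

/* The distribution name is just a file in the image's root filesystem.
 * Returns 0 and fills out, or -1 when the file or the key is absent,
 * which is the expected result inside a FROM scratch image. */
int userland_name(const char *path, char *out, size_t n)
{
    char line[256];
    int found = -1;
    FILE *f = fopen(path, "r");
    if (!f)
        return -1;
    while (found != 0 && fgets(line, sizeof line, f)) {
        if (strncmp(line, "PRETTY_NAME=", 12) == 0) {
            line[strcspn(line, "\n")] = '\0';
            snprintf(out, n, "%s", line + 12);
            found = 0;
        }
    }
    fclose(f);
    return found;
}

int main(void)
{
    char k[160], d[256];
    if (kernel_release(k, sizeof k) == 0)
        printf("kernel, from the host:    %s\n", k);
    if (userland_name("/etc/os-release", d, sizeof d) == 0)
        printf("userland, from the image: %s\n", d);
    else
        printf("userland, from the image: none (no /etc/os-release)\n");
    return 0;
}
```

Run on the host and then inside containers built from different base images, the kernel line stays the same while the userland line follows the image.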