A container is a normal process started with extra isolation. Linux namespaces give it its own view of processes, hostnames, mounts, users, and networks; cgroups limit how much CPU and memory it can consume.
That means a container is not a tiny virtual machine. It shares the host kernel, starts quickly, and disappears when its main process exits unless you keep external state somewhere else.
Mental model
Start with the process. Docker creates a process from an image, gives it isolated namespaces, attaches filesystem layers, and watches the main command. When that command exits, the container is done.
This is why long-running containers usually run a server, shell, worker, or sleep command as PID 1. If the main process crashes, Docker reports the container as exited.
Commands to inspect it
Use these commands to move from the high-level idea to concrete evidence on your machine.
docker run --name demo -d ubuntu:24.04 sleep infinity
docker ps
docker exec -it demo sh
docker inspect demo
docker rm -f demo
Common mistakes
Do not store important generated files only inside a disposable container unless the exercise specifically asks for it. Recreating the container recreates the writable layer from scratch.
Do not assume localhost inside the container means localhost on your laptop. Network namespaces make those different places.
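To check which namespaces a container really has to itself, compare the namespace IDs of its main process with those of the host's PID 1. The script below is an added example, not part of the original page: the function names ns_snapshot and shared_namespaces are hypothetical, and the namespace IDs are constructed sample values.

```shell
#!/bin/sh
# Added example: list the namespaces a container shares with the host.

# ns_snapshot PID -> one "name id" line per namespace, read from /proc/PID/ns.
# Reading another user's process (for example PID 1) needs root.
ns_snapshot() {
    for f in /proc/"$1"/ns/*; do
        printf '%s %s\n' "${f##*/}" "$(readlink "$f")"
    done
}

# shared_namespaces HOST_SNAPSHOT CONTAINER_SNAPSHOT
# Prints the namespace names whose IDs are identical in both snapshots,
# i.e. the places where the container is NOT isolated from the host.
shared_namespaces() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
        $0 == "---"   { in_container = 1; next }
        !in_container { host[$1] = $2; next }
        ($1 in host) && host[$1] == $2 { print $1 }
    '
}

# Constructed sample snapshots (IDs are made up, not captured from a machine).
# The user namespace matches the host here, which is what you see when
# user-namespace remapping is not enabled for the Docker daemon.
HOST_NS='ipc ipc:[4026531839]
mnt mnt:[4026531841]
net net:[4026531840]
pid pid:[4026531836]
user user:[4026531837]
uts uts:[4026531838]'

CONTAINER_NS='ipc ipc:[4026532758]
mnt mnt:[4026532756]
net net:[4026532761]
pid pid:[4026532759]
user user:[4026531837]
uts uts:[4026532757]'

# On a live host (as root), while the demo container is still running:
#   HOST_NS=$(ns_snapshot 1)
#   CONTAINER_NS=$(ns_snapshot "$(docker inspect -f '{{.State.Pid}}' demo)")
echo "shared with host: $(shared_namespaces "$HOST_NS" "$CONTAINER_NS" | tr '\n' ' ')"
```

Any name in the output is a namespace where the container sees the same thing as the host, so a shared net entry means localhost inside the container is the host's localhost.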
What to remember
- Think process first: if PID 1 exits, the container stops.
- Use docker ps, logs, exec, and inspect to move from symptoms to facts.
- Design containers so they can be deleted and recreated without losing important data.