Linux Containers Internals

Linux Containers Internals

Instructors: Jay Ryan (RedHat Inc.)


Have you ever wondered how Linux Containers work? How they really work, deep down inside? How does sVirt/SELinux, SECCOMP, namespaces, and isolation really work? How does Podman and CRI-O translate what the user submits into something the Linux kernel understands? How does Kubernetes talk to CRI-O? How are container images made? How can we troubleshoot and debug issues that arise within the container?

Well, we will answer these questions and more. If you want a deep technical understanding of containers, this is the lab for you. Join Red Hat engineers as we walk you through the deep, dark internals of the container host and what’s packaged in the container image. These hands-on labs will give you the knowledge and confidence it takes to leverage your current Linux technical knowledge and put you in command of having technical conversations around containers.


  • Getting started with containers
    • Introduction to Containers
    • Container Images
    • Container Registries
    • Container Hosts
    • Container Orchestration
  • Managing your containers
    • Internalize the difference between base images and multi-layered images
    • Understand the full URL of an image/repository
    • Command a complete understanding of what’s inside of a container image
  • Understanding Container Registries
    • Understanding the Basics of Trust – Quality & Provenance
    • Evaluating Trust – Images and Registry Servers
    • Analyzing Storage and Graph Drivers
  • Running container images with hosts
    • Container Engines & The Linux Kernel
    • Step by step creation of a container
    • SELinux & sVirt: Dynamically generated contexts to protect your containers
    • Cgroups: Dynamically created with container instantiation
    • SECCOMP: Limiting how a containerized process can interact with the kernel
  • Understanding container orchestration
    • Multi-Container Workloads: The classic two-tiered, wordpress application
    • Inspecting & Troubleshooting: Using the OpenShift web interface
    • Cluster Performance: Scaling applications horizontally with containers
    • Distributed Debugging: Troubleshooting in a distributed systems environment
  • Architecting a better environment
    • Overview of The OCI Specifications
    • The OCI Image Specification
    • The OCI Runtime Specification
    • The OCI Runtime Reference Implementation

Student Requirements and Prerequisites

  • Participants should have a System Administration / Linux background with the following suggested tools and/or skills:
  • Competency on the Linux® command line
  • A general/high-level understanding of Linux containers(e.g., Docker, CRI-O, etc.)
  • A general/high-level understanding of authentication(e.g., LDAP/AD)

What Students Should Bring

  • A laptop with internet access free from VPN or corporate proxies

Instructor’s Bio

Jay Ryan is a Solutions Architect specializing in Kubernetes, OpenShift, and Ansible and is based in Cincinnati, OH.  He joined Red Hat in 2020 after working in Automation and System Engineering for 15 years.  Jay is passionate about leaning into the friction where technology and business, development and operations, and tools and culture meet.  He is a previous Red Hat Accelerator and user group organizer in the Cincinnati area.

Date and Time

Friday, December 2, 2022

  • Morning session: 9:00 AM to 12:30 PM
  • Lunch break: 12:30 to 1:30 PM
  • Afternoon session: 1:30 PM to 5:00 PM


Go to the registration page to register for the training course and select “OLFI Professional Pass”. During the registration process, you will get an option to select your training program.