0:00 Intro: Containers vs. VMs & The Docker Secret 0:34 Linux Namespaces: How Process Isolation Works 1:25 cgroups (Control Groups): Limiting Container Resources 1:54 The Core Difference: Namespaces vs. cgroups 2:18 Hands-On Demo: The docker run Command Breakdown 3:00 Namespaces in Action: Mount & PID Isolation Demo 5:40 Docker's Internal Architecture: containerd & runc 6:46 The Open Container Initiative (OCI) Standard 7:44 OCI Image Specification: Layers and Config 8:49 Deconstructing a Docker Image: Tarballs and Layers 9:50 OCI Runtime Spec & runc Explained 10:59 Inside the OCI File 11:47 Final Demo: Running a Container Directly with runc Unpack the core Linux primitives that power Docker containers. This video explains how Namespaces provide isolation and cgroups manage resources like CPU and memory. We'll also break down the OCI (Open Container Initiative) standard and the roles of containerd and the low-level runtime runc. Includes a hands-on demo of running a container with runc. Essential knowledge for developers and DevOps engineers.