Analysing Linus Torvald's Critique of Docker

Docker revolutionised the way we think about software deployment. It’s a lightweight, portable, and scalable solution for containerising applications. But there’s a flag—Linus Torvalds. Or more precisely, Linus’s apprehensions with this tech. I have been in the tech space for a good 15 years now. And as far as I can tell, Linus Torvald’s intuition about a piece of technology has never failed him.

Take blockchain for instance. When everyone was going gaga over the technology back in 2020, Linus didn’t seem all that excited. The sheer complexity of the technology bothered him, and he could already see the issues with scalability of such technologies. Similarly, consider his current stance on the AI boom. While he is impressed by the incredible developments taking place, he is not too sold on the whole AGI hype. It’s easy to see that he has a nose for smelling tech ‘bs’ from a mile away and I trust that.

So when it comes to his critique of Docker, I decided to take it seriously and pay close attention to the aspects of the technology that seem to bother him. My hope is that by the end of this article, I may be able to better articulate the issues in Docker from Linus’s perspective, while also providing potential solutions and next steps for this tech.

Architecture

To understand Docker’s security limitations, we need to examine its core architecture, which revolves around Linux features like namespaces and cgroups (control groups). These components are crucial for container isolation, but they’re not designed to provide the kind of security guarantees you’d expect from full virtualisation.

Docker utilises Linux namespaces to create the illusion of isolation by partitioning kernel resources.

Here’s a breakdown of how each namespace contributes.