Docker is an open-source project that automates the deployment of Linux applications inside software containers.
These containers wrap a piece of software in a complete file system that holds everything it needs to run, including code, runtime, system tools and system libraries: anything that can be installed on a server. This ensures the software will always run the same, regardless of its environment.
Docker provides an additional layer of abstraction and automation of operating-system-level virtualisation on Linux.
Docker uses the resource isolation features of the Linux kernel, such as cgroups and kernel namespaces, and a union-capable file system (such as aufs and others) to allow independent ‘containers’ to run within a single Linux instance, avoiding the overhead of starting and maintaining virtual machines.
The Linux kernel's support for namespaces mostly isolates an application's view of the operating environment, including process trees, network, user IDs and mounted file systems, while the kernel's cgroups provide resource limiting for CPU, memory, block I/O and network.
With version 0.9, Docker includes the libcontainer library to directly use virtualisation facilities provided by the Linux kernel, in addition to using abstracted virtualisation interfaces via libvirt, LXC (Linux Containers) and systemd-nspawn.
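The namespace and cgroup isolation described above can be checked from the host by comparing a container process's `/proc/<pid>/ns` links and `/proc/<pid>/cgroup` entries against the host's. The following is an added example, not code from Docker; the sample values are constructed, the function names are hypothetical, and the cgroup parser assumes the cgroup v1 line format.

```python
import os

NS_KINDS = ("pid", "net", "user", "mnt")  # process tree, network, user IDs, mounts

# Constructed sample values (not from a real host): readlink output of /proc/<pid>/ns/*
HOST_NS = {"pid": "pid:[4026531836]", "net": "net:[4026531992]",
           "user": "user:[4026531837]", "mnt": "mnt:[4026531840]"}
CONTAINER_NS = {"pid": "pid:[4026532281]", "net": "net:[4026531992]",
                "user": "user:[4026531837]", "mnt": "mnt:[4026532279]"}
# Constructed cgroup v1 listing in the /proc/<pid>/cgroup format "id:controllers:path"
SAMPLE_CGROUP = """12:memory:/docker/0123abcd
11:cpu,cpuacct:/docker/0123abcd
10:blkio:/
"""

def read_namespaces(pid, proc_root="/proc"):
    """Return {kind: link target} for a live process; None where unreadable."""
    result = {}
    for kind in NS_KINDS:
        try:
            result[kind] = os.readlink(os.path.join(proc_root, str(pid), "ns", kind))
        except OSError:
            result[kind] = None  # no permission, no such pid, or not Linux
    return result

def shared_namespaces(host_ns, proc_ns):
    """Kinds where both processes hold the same namespace instance (no isolation)."""
    return sorted(k for k in NS_KINDS
                  if host_ns.get(k) is not None and host_ns.get(k) == proc_ns.get(k))

def unconfined_controllers(cgroup_text):
    """cgroup v1 controllers whose path is the root '/', so no dedicated group."""
    found = []
    for line in cgroup_text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        _, controllers, path = parts
        if path == "/":
            found.extend(c for c in controllers.split(",") if c)
    return sorted(found)

if __name__ == "__main__":
    print("shared with host:", shared_namespaces(HOST_NS, CONTAINER_NS))
    print("in root cgroup:", unconfined_controllers(SAMPLE_CGROUP))
```

On a real host, pass `read_namespaces(1)` and `read_namespaces(<container pid>)` to `shared_namespaces`; reading another user's `/proc/<pid>/ns` links normally requires root.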