In modern software development, containers have become a standard tool for deploying code. However, they are frequently misunderstood and described as "lightweight virtual machines." For many developers - especially those transitioning from academia, like myself - the layer between their Python code and the operating system kernel is often overlooked. This talk is based on the idea that the best way to understand a concept is to implement it in its simplest form. By bypassing the complexity of modern container orchestrators, we can focus on the fundamental system calls that make isolation possible.
During the session, we will demonstrate the core mechanics of containerization by building a minimal engine in Python. We will begin by preparing a root filesystem to show what a container image actually is at its most basic level. We will implement isolation using the os.chroot() function to trap a process in a specific directory. We will also talk about Linux namespaces, which isolate what a process can see, and cgroups, which limit how much of the hardware resources a process can use.
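The three mechanisms named above can be combined in a few dozen lines. The sketch below is an added example, not the speaker's code: the cgroup name `demo`, the limits, and the file name `engine.py` are assumptions, and it expects a Linux host with cgroup v2 and root privileges.

```python
import ctypes
import os
import sys

# Linux clone(2) flag values from <sched.h>.
CLONE_NEWNS = 0x00020000   # private mount table
CLONE_NEWUTS = 0x04000000  # private hostname
CLONE_NEWPID = 0x20000000  # children start a fresh PID tree

# Assumption: cgroup v2 mounted here, memory and pids controllers enabled.
CGROUP_ROOT = "/sys/fs/cgroup"


def cgroup_limits(name, memory_max, pids_max):
    """Map each cgroup v2 control file to the value that enforces the limit."""
    base = os.path.join(CGROUP_ROOT, name)
    return {
        os.path.join(base, "memory.max"): str(memory_max),
        os.path.join(base, "pids.max"): str(pids_max),
    }


def unshare(flags):
    """Call unshare(2) through libc and raise OSError on failure."""
    libc = ctypes.CDLL(None, use_errno=True)
    if libc.unshare(flags) != 0:
        err = ctypes.get_errno()
        raise OSError(err, os.strerror(err))


def run(rootfs, argv, name="demo", memory_max=64 * 2**20, pids_max=32):
    """Run argv inside rootfs with its own namespaces and limits (needs root)."""
    os.makedirs(os.path.join(CGROUP_ROOT, name), exist_ok=True)
    for path, value in cgroup_limits(name, memory_max, pids_max).items():
        with open(path, "w") as f:
            f.write(value)
    unshare(CLONE_NEWNS | CLONE_NEWUTS | CLONE_NEWPID)
    pid = os.fork()
    if pid == 0:  # child: PID 1 of the new PID namespace
        with open(os.path.join(CGROUP_ROOT, name, "cgroup.procs"), "w") as f:
            f.write("0")  # "0" means "the writing process"
        os.chroot(rootfs)
        os.chdir("/")  # without this the old cwd still points outside rootfs
        os.execvp(argv[0], argv)
    _, status = os.waitpid(pid, 0)
    return os.waitstatus_to_exit_code(status)


if __name__ == "__main__":
    # Usage (hypothetical paths): sudo python3 engine.py ./rootfs /bin/sh
    sys.exit(run(sys.argv[1], sys.argv[2:]))
```

A root process inside a plain chroot is not confined in the security sense. Production runtimes use pivot_root together with dropped capabilities and seccomp filters.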
The main takeaways of this talk include a clear technical distinction between virtual machines and containers and the realization that a container is essentially a process with a restricted view of the host system. You will gain practical knowledge of the os module for system-level tasks and the confidence to explore low-level computer science concepts by implementing them in Python. By the end of this session, you will have a practical understanding of the basic principles that make containerization possible.