podman

When Docker came onto the scene, it did not invent containers from scratch. The real magic was already implemented inside the Linux kernel in the form of two core technologies: cgroups and namespaces. cgroups allow managing and profiling system resources on a per-process basis (CPU, memory, and I/O). namespaces, on the other hand, customize the system view of a process, giving each one a virtual and exclusive view of the file system, network, memory space, process space, and more....