In this chapter, you have seen the isolation of containers using the Linux container technology, such as LXC and now Libcontainer. Libcontainer is Docker's own implementation in the Go programming language to access the kernel namespace and cgroups. This namespace is used for process-level isolation, while cgroups are used for restricting the resource usage of running containers. Since the containers run as independent processes directly over the Linux kernel, the Generally Available (GA) debugging tools are not fit enough to work inside the containers to debug the containerized processes. Docker now provides you with a rich set of tools to effectively debug the container as well as processes inside the container itself. The docker exec command will allow you to log in to the container without running an SSH daemon in the container. You have seen the details of each debugging tool in this chapter.

The docker stats command provides information about the container's memory and CPU usage. The docker events command reports the events, such as create, destroy, and kill. Similarly, the docker logs command fetches the logs from the container without logging in to the container.

As a next step, you can try the latest Microsoft Visual Studio Tools for Docker. It provides a consistent way to develop and validate your application in the Linux Docker container. For details, you can refer to https://docs.microsoft.com/en-us/azure/vs-azure-tools-docker-edit-and-refresh.

Also, if you would like to debug the Node.js application live running in IDE (Visual Studio Code), try this blog: https://blog.docker.com/2016/07/live-debugging-docker/.

The next chapter expounds the plausible security threats of Docker containers and how they can be subdued with a variety of security approaches, automated tools, best practices, key guidelines, and metrics. We will discuss the security of containers versus virtual machines with Docker's adaptability of third-party security tools and practices.