- bootfs: the kernel on the host to be shared by all the containers
uname -ron the host and in the container: the same kernel info
- rootfs: each container's userspace filesystem, it includes /dev, /proc, /bin
- image contains multiple layers which are mutable
- container layer: only the top layer is a writable layer corresponds to a container
