title: Apache Mesos - Mesos Containerizer layout: documentation
Mesos Containerizer
The Mesos Containerizer provides lightweight containerization and resource isolation of executors using Linux-specific functionality such as control cgroups and namespaces. It is composable so operators can selectively enable different isolators.
It also provides basic support for POSIX systems (e.g., OSX) but without any actual isolation, only resource usage reporting.
Isolators
Isolators are components that each define an aspect of how a tasks execution environment (or container) is constructed. Isolators can control how containers are isolated from each other, how task resource limits are enforced, how networking is configured, how security policies are applied.
Since the isolator interface is modularized, operators can write modules that implement custom isolators.
Mesos supports the following built-in isolators.
- appc/runtime
- cgroups/blkio
- cgroups/cpu
- cgroups/cpuset
- cgroups/devices
- cgroups/hugetlb
- cgroups/mem
- cgroups/net_cls
- cgroups/net_prio
- cgroups/perf_event
- cgroups/pids
- disk/du
- disk/xfs
- docker/runtime
- docker/volume
- environment_secret
- filesystem/linux
- filesystem/posix
- filesystem/shared
- filesystem/windows
- gpu/nvidia
- linux/capabilities
- linux/devices
- linux/nnp
- linux/seccomp
- namespaces/ipc
- namespaces/pid
- network/cni
- network/port_mapping
- network/ports
- posix/cpu
- posix/mem
- posix/rlimits
- volume/csi
- volume/host_path
- volume/image
- volume/sandbox_path
- volume/secret
- windows/cpu
- windows/mem