I was going through an article to build containers from scratch without using docker just by making use of linux system calls like chroot, unshare, nsenter, etc.
Does docker internally a wrapper around these system calls, it seems like docker exec is not using nsenter as per this answer
If docker is using these calls which golang binary is it using to have these system calls.
Or docker is a wrapper around lxc but it don't seems to me as per this answer
Can anyone point me out the exact low level stuff (system calls/lxc,etc) that docker is currently using to build a container.