
systemd-nspawn (was Re: What is agetty, and why can't it be stopped?)



On Fri, Jun 07, 2019 at 02:21:52PM -0500, Nicholas Geovanis wrote:
> I just learned earlier today of systemd-nspawn as a possible
> containerization solution (my mind boggles....).

Yes. Systemd's main job is to spawn sub-processes. A container is a process
run under various constraints. From what I understand, nspawn adds some
additional features, but many of the isolation features are already present
in systemd, without nspawn.

> Do you know if removing systemd-sysv would undercut nspawn?

I suspect it would not work at all if you were not running systemd as
the init system.

> Have you tried nspawn for that containerization? Any strong views?

I haven't tried it at all myself yet. I think it looks like a useful tool and
less invasive than e.g. Docker. You can get many of the isolation features of
containers with systemd's features already, without nspawn. See:

   http://0pointer.de/blog/projects/security.html

--

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Jonathan Dowland
⢿⡄⠘⠷⠚⠋⠀ https://jmtd.net
⠈⠳⣄⠀⠀⠀⠀ Please do not CC me, I am subscribed to the list.
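As an illustration of the point made above (that much of a container's isolation is available to an ordinary service through systemd's own unit directives, with no systemd-nspawn involved), here is an added example unit file. It is not from the thread or from the systemd project; the service name `example-web`, its binary `/usr/local/bin/example-web` and its state directory are constructed placeholders. Every directive used is a documented systemd.exec(5) / systemd.resource-control(5) option.

```ini
# /etc/systemd/system/example-web.service   (constructed example, hypothetical service)
#
# A bare unit such as
#   [Service]
#   ExecStart=/usr/local/bin/example-web
# runs as root with an unrestricted view of /, /home, /dev and /tmp and the
# full set of capabilities and system calls. The directives below apply the
# sandboxing that systemd itself provides to a normal service.

[Unit]
Description=Example web service (sandboxed with plain systemd directives)
After=network.target

[Service]
ExecStart=/usr/local/bin/example-web
# Do not run as root: allocate a throwaway UID/GID for this unit only.
DynamicUser=yes
# /var/lib/example-web is created for the dynamic user and stays writable.
StateDirectory=example-web
# Mount the rest of the filesystem read-only for this service.
ProtectSystem=strict
# Hide all home directories; give the service a private /tmp and /dev.
ProtectHome=yes
PrivateTmp=yes
PrivateDevices=yes
# /proc/sys, /sys, module loading and the cgroup tree are made read-only.
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes
# No execve() may gain privileges via setuid binaries or file capabilities.
NoNewPrivileges=yes
# Start with an empty capability bounding set instead of root's full set.
CapabilityBoundingSet=
# Permit only IP and unix sockets; no raw, packet or netlink sockets.
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
# Seccomp filter: only the system calls a typical userland service needs;
# anything else fails with EPERM instead of killing the process.
SystemCallFilter=@system-service
SystemCallErrorNumber=EPERM
# Forbid writable-and-executable memory mappings and new namespaces.
MemoryDenyWriteExecute=yes
RestrictNamespaces=yes
LockPersonality=yes

[Install]
WantedBy=multi-user.target
```

On a system with systemd 240 or later, `systemd-analyze security example-web.service` prints a per-directive exposure table and an overall score, which is a quick way to compare the bare unit against the sandboxed one and to see which directive each line of the table corresponds to.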

