On Fri, Jun 07, 2019 at 02:21:52PM -0500, Nicholas Geovanis wrote:
> I just learned earlier today of systemd-nspawn as a possible containerization solution (my mind boggles....).
Yes. Systemd's main job is to spawn sub-processes. A container is a process run under various constraints. From what I understand nspawn adds some additional features, but many of the isolation features are already present in systemd, without nspawn.
> Do you know if removing systemd-sysv would undercut nspawn?
I suspect it would not work at all if you were not running systemd as the init system.
> Have you tried nspawn for that containerization? Any strong views?
I haven't tried it at all myself yet. I think it looks like a useful tool and less invasive than e.g. Docker. You can get many of the isolation features of containers with systemd's features already, without nspawn. See: http://0pointer.de/blog/projects/security.html

-- 
Jonathan Dowland
https://jmtd.net
Please do not CC me, I am subscribed to the list.
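The systemd isolation features the reply refers to, shown as an added example that is not part of the thread: a service unit confined with systemd's own sandboxing directives and no nspawn involved. The unit name example-web and the binary path /usr/local/bin/example-web are placeholders.

```ini
# Added example, not from the thread. Placeholders: the unit name
# example-web and the binary /usr/local/bin/example-web.
[Unit]
Description=example-web confined with systemd sandboxing directives

[Service]
ExecStart=/usr/local/bin/example-web
# Transient unprivileged UID/GID allocated at start, released at stop.
DynamicUser=yes
# The only writable location: /var/lib/example-web, created and owned for us.
StateDirectory=example-web

# Mount namespace: read-only OS tree, no /home, private /tmp, minimal /dev.
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
PrivateDevices=yes
# Hide other processes' /proc entries and the kernel's tunable interfaces.
ProtectProc=invisible
ProcSubset=pid
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectKernelLogs=yes
ProtectControlGroups=yes

# Privilege boundary: no setuid escalation, empty capability set, no new
# user/mount/net namespaces, no setuid/setgid files created.
NoNewPrivileges=yes
CapabilityBoundingSet=
RestrictNamespaces=yes
RestrictSUIDSGID=yes
LockPersonality=yes
RestrictRealtime=yes
MemoryDenyWriteExecute=yes

# Syscall and network surface: the @system-service allow-list minus the
# privileged and resource-control groups, native ABI only, sockets limited
# to UNIX and IPv4/IPv6, and IP traffic only to localhost.
SystemCallFilter=@system-service
SystemCallFilter=~@privileged @resources
SystemCallArchitectures=native
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
IPAddressDeny=any
IPAddressAllow=localhost

[Install]
WantedBy=multi-user.target
```

`systemd-analyze security example-web.service` reports an exposure score per directive, which is the quick check that the confinement actually took effect on a running system.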