On Sun, Dec 29, 2013 at 02:39:45PM +0100, Rob van der Hoeven wrote:
> Hi Folks,
>

Hi Rob,

> I'm proud to announce a new lightweight virtualization technology called
> Program Space which I developed over the past months. This technology
> will be used in my new FreedomBox architecture, and I hope it will also
> be used to enhance Debian security.
>
> Program Space is created and managed by a small program called psc,
> short for Program Space Control. This program creates a virtual
> environment for programs to run inside. The configuration of this
> environment can be done with a combination of psc commands and ordinary
> system utilities like ip, mount, iptables etc. How this works exactly is
> explained in this article:
>
> http://freedomboxblog.nl/program_space
>

Good to see what you've been up to, I've been wondering what you'd come up with. ;-)

As this makes use of the same kernel features as LXC, Docker and even systemd I obviously was comparing it while I'm reading.

You made some interesting choices. I didn't see the choices you made mentioned in the blog, it's mostly an introduction/user manual.

The ones I noticed were:

- you basically mentioned this, by naming it the way you did, but it's a system for application containers (as it doesn't use init in the container)
- but it does run multiple processes, because it includes its own in-container daemon
- does not include networking inside the daemon, to keep it flexible and lean
- uses the daemon to start commands in the namespace
- as you didn't use apt-get in your wordpress example I assume you want to create a Debian 'image' / container root filesystem which already has all the packages installed. Maybe even only 1 for all the applications.
- you build up the namespaces in small steps, by calling the commandline tool with different commands and keep the state in the kernel/daemon. It is somewhat similar to how Docker has Dockerfile. I guess.

I'm sure there are others.

Some other thoughts I had:

- not all source is included, I believe.
- pst runs the program with exec*() I assume?
- you've also not transitioned away from Bash ;-) But maybe Dash is more appropriate?

> Enjoy,

I did!

> Rob van der Hoeven
> http://freedomboxblog.nl
