Containers as kernel objects — again
Posted Mar 2, 2019 7:58 UTC (Sat) by ThinkRob (guest, #64513)
In reply to: Containers as kernel objects — again by jejb
Parent article: Containers as kernel objects — again
The problem still is that having a container construction imposed from userspace allows for huge flexibility and is incredibly powerful. The down side is that the kernel doesn't know what constitutes a container.
Well that's the cathedral vs. the bazaar in a nutshell, isn't it?
Containers (and really any features designed/imposed primarily by/because of the kernel) require userspace cooperation/config. So you get whatever common spanning set of features the two agree on. Which may not be a set/superset of what's available in kernel-land. :(
Compare and contrast to Illumos zones or FreeBSD jails: something is added, and it's generally available ASAP in the tooling.
There's something to be said for a tool that matches ring 0's contour.
