Rich Freeman on 24 Feb 2016 04:05:26 -0800
Re: [PLUG] ctmg: Simple wrapper around cryptsetup for encrypted containers
On Tue, Feb 23, 2016 at 10:13 PM, JP Vossen <jp@jpsdomain.org> wrote:
>
> I like the docs I read and the fact that it's bash so you can easily dissect
> the commands. And *seems* simpler than other solutions I've seen, but I
> could just be forgetting things again.
>

Hopefully the impression that came across in the talk is that
namespaces actually are simple. You could actually implement
something like nspawn in bash fairly easily I imagine. There is a lot
of stuff you need to do in practice to launch a container that I
didn't talk about, like drop some capabilities (not entirely
essential, but I forget offhand if the kernel will otherwise prevent
your container running shutdown from actually powering off the
motherboard), set up /dev, /proc, /sys, and so on.

If you're not using a network namespace or don't need networking in
your container it probably wouldn't take you long to build all that
yourself just from my slide deck as setting up all of that stuff is
really nothing new.

In the end, a container is just like a chroot - a bunch of processes
that were launched with some attributes tweaked.

--
Rich
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
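
The steps the message lists (new namespaces without a network namespace, /proc, /sys and /dev set up, a capability dropped) put together as an added example; it is not part of the original message or of the slide deck it mentions. It assumes root, util-linux `unshare`, libcap `capsh`, and a root filesystem tree supplied by the caller; the function names and the choice of `cap_sys_boot` are this example's own.

```shell
#!/bin/sh
# Added example: minimal namespace launcher. Assumes root, util-linux unshare,
# libcap capsh (which runs the host's /bin/bash), and a caller-supplied rootfs.

# reboot(2) is gated by CAP_SYS_BOOT; drop it from the bounding set so nothing
# started in the container can regain it.
DROP_CAPS="cap_sys_boot"

# Refuse a tree that lacks the mount points populated below.
check_rootfs() {
  for d in proc sys dev; do
    [ -d "$1/$d" ] || { echo "missing $1/$d" >&2; return 1; }
  done
}

# Script run as PID 1 of the new namespaces: $0 is the rootfs, "$@" the command.
inner_script() {
  cat <<'EOF'
set -e
mount --make-rprivate /            # keep our mounts out of the host's table
mount -t proc -o nosuid,nodev,noexec proc "$0/proc"
mount -t sysfs -o ro,nosuid,nodev,noexec sysfs "$0/sys"
mount -t tmpfs -o mode=755,nosuid tmpfs "$0/dev"
for n in null zero urandom tty; do # bind only the device nodes we need
  touch "$0/dev/$n"
  mount --bind "/dev/$n" "$0/dev/$n"
done
hostname container                 # only visible in the new UTS namespace
exec capsh --drop="$DROP_CAPS" -- -c 'exec chroot "$0" "$@"' "$0" "$@"
EOF
}

# launch ROOTFS CMD [ARGS...]: no --net, so the host network stack is shared.
launch() {
  rootfs=$1; shift
  check_rootfs "$rootfs" || return 1
  export DROP_CAPS
  unshare --mount --uts --ipc --pid --fork sh -c "$(inner_script)" "$rootfs" "$@"
}

if [ "$#" -gt 1 ]; then launch "$@"; fi
```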