Rich Freeman on 24 Feb 2016 04:05:26 -0800



Re: [PLUG] ctmg: Simple wrapper around cryptsetup for encrypted containers


On Tue, Feb 23, 2016 at 10:13 PM, JP Vossen <jp@jpsdomain.org> wrote:
>
> I like the docs I read and the fact that it's bash so you can easily dissect
> the commands.  And *seems* simpler than other solutions I've seen, but I
> could just be forgetting things again.
>

Hopefully the impression that came across in the talk is that
namespaces actually are simple.  You could actually implement
something like nspawn in bash fairly easily I imagine.

There is a lot of stuff you need to do in practice to launch a
container that I didn't talk about, like drop some capabilities (not
entirely essential, but I forget offhand if the kernel will otherwise
prevent your container running shutdown from actually powering off the
motherboard), set up /dev, /proc, /sys, and so on.  If you're not
using a network namespace or don't need networking in your container
it probably wouldn't take you long to build all that yourself just
from my slide deck as setting up all of that stuff is really nothing
new.

In the end, a container is just like a chroot - a bunch of processes
that were launched with some attributes tweaked.

-- 
Rich
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
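
As an added illustration of the steps listed in the message above (this is not code from the talk, the slide deck, or systemd-nspawn), the sketch below launches a command in new mount, UTS, IPC and PID namespaces, sets up /proc, /sys and /dev, and drops a few capabilities, with no network namespace. It assumes util-linux `unshare` and `mount`, libcap's `capsh`, bash present inside the rootfs, and a root filesystem already unpacked at the directory given as the first argument; the capability list and the hostname are illustrative choices.

```bash
#!/usr/bin/env bash
# Added example (not nspawn, not code from the talk): run a command in new
# mount/UTS/IPC/PID namespaces with a minimal /proc, /sys and /dev.
# Assumptions: util-linux unshare/mount, libcap capsh, bash inside the rootfs,
# and a root filesystem already unpacked at the directory passed as $1.
# DRY_RUN=1 prints each command instead of running it.

DROP_CAPS="cap_sys_boot,cap_sys_module,cap_sys_time"   # cap_sys_boot gates reboot(2)

run() {
    if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Outer half: create the namespaces, then re-exec this script inside them.
launch() {
    local root="$1"
    [ -d "$root" ] && [ "$(realpath "$root")" != / ] || {
        echo "refusing rootfs '$root'" >&2; return 1; }
    run unshare --mount --uts --ipc --pid --fork -- bash "$0" --inner "$@"
}

# Inner half: runs as PID 1 of the new PID namespace.
container_init() {
    local root="$1" dev; shift
    run mount --make-rprivate /                  # keep our mounts off the host
    run hostname container                       # only changes the new UTS namespace
    run mount -t proc  -o nosuid,nodev,noexec    proc  "$root/proc"
    run mount -t sysfs -o ro,nosuid,nodev,noexec sysfs "$root/sys"
    run mount -t tmpfs -o nosuid,mode=0755       tmpfs "$root/dev"
    for dev in null zero urandom tty; do         # bind host nodes instead of mknod
        run touch "$root/dev/$dev"
        run mount --bind "/dev/$dev" "$root/dev/$dev"
    done
    # capsh shrinks the bounding set, chroots, then runs: /bin/bash -c "<command>"
    run exec capsh --drop="$DROP_CAPS" --chroot="$root" -- -c "$*"
}

case "${1:-}" in
    --inner) shift; container_init "$@" ;;
    "")      ;;                                  # no arguments: only define the functions
    *)       launch "$@" ;;
esac
```

Run it as root with the rootfs directory followed by the command to start; with `DRY_RUN=1` set it only prints the sequence of commands, which is a quick way to review what would be mounted and dropped.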