[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: NetBSD Jails
> Am 20.05.2020 um 06:26 schrieb Greg A. Woods <woods%planix.com@localhost>:
> Sure, doing things smart/clean/elegant is definitely outdated when
> compared to the way many choose to work. As I said, most seem to see
> the apparent surface simplicity of "docker pull nginx" as elegant
I don’t use docker too and i‘m still curious why so many people i talk about linux containers confuse containers / lxc with „docker“. docker is just a (commercial) application of containers, like lxd, kubernetes, warden, lxc and many others today and i dont like that „dockerization of anything“ some people hype att because it makes things more inefficient / worse in many / most cases where other setups are much more efficient/ economical.
I like to avoid any kind of virtualization / „partitioning“ where possible too, but thats just one side of the medal, because in reality there are many scenarios where it won’t work without in a economically or way - because the application software ecosystem doesnt allow it without and scaling / HA / security is a rising factor too.
And i would prefer FreeBSD type jails over LXC if they are available on NetBSD btw..
At the end, NetBSD project will have to „decide“ about how much it play a role on larger network platform setups even as future „rich“ network equipment (like modern NAS or so) where (even with the „renaissance of bare metal“) „container“ (BSD jail) like isolation / „basic zoning“ is getting a required tool for growing amount of cases in the industry - be by security designs or business models etc..
BSD Jails was nearly not known / used (except from few „geeks“) over decades and with the availability of linux containers they got back significant attention in the last few years.
I dont know how far it would really cost in complexity to the NetBSD stack to „just“ get a similar to FreeBSD jails network „chroot isolation“ and „(pdeudo)virtual userspace“ (by uid/gid „offsets“ or so) get done (which typically uses a existing firewalling / net filter kind of stack (the most other required parts for such a basic jailing are still there in NetBSD). I can‘t believe that these costs will be higher then the won usability / application world it offers in the future, since Jails are not „geek niche“ anymore in the IT industry.
Main Index |
Thread Index |