by geofft
3925 days ago
> The containers (assuming they are correctly set up) allow you to actually have two root accounts that can't interfere with each other.

To the best of my knowledge, Docker (the official implementation) does not do that. rkt does, as mentioned at the bottom of this blog post mentioned elsethread: https://coreos.com/blog/rkt-0.8-with-new-vm-support/

(The Linux implementation of this is somewhat poor, in that you need to have a separate UID reserved in the global namespace, and you can only do 1:1 maps in containers. A nicer implementation would treat the user principal as a (container, UID) tuple. I recall that Linux tried that, but gave up for backwards-compatibility reasons.)

> chroot /app1_root python myapp1.py

Yeah, I think 80% of what Docker actually gets people in practice is a system for managing and running things in chroots. Containers also let you give them separate networking setups, track PIDs properly, and apply resource controls. But I've seen homegrown approximations that preceded Docker, based on stuff like schroot.