| Hiya Brian! > Layers are largely an implementation detail in Docker. You say this, but they are so deeply baked into many tools that there have been many hundreds of talks about how to "reduce the size of your Docker image with this one simple trick!" which reduces down to understanding how layers in Docker images work. Layers definitely leak through a lot of the tooling. I'm hoping that my OCIv2 proposal will remove the practical need for layers entirely -- and also remove a lot of the cargo-culting which has popped up around "how to get smaller images". Maybe Docker might adopt this in the future (after you guys get OCIv1 support :P). > Also, a side note, "docker run --init" gets you the init you are looking for, can set it as default in the daemon as well. This is different to LXC. With LXC, the "init" is actually systemd, not just a zombie reaper -- and when you do an "lxc attach" you are actually put into a new console (getty and all). Yes, you can run (after some headaches) systemd inside Docker, but LXC definitely handles this much better because that's the usecase it was designed around. It's not really a defect in Docker, it's just not what Docker was designed around. |
Truth!
> I'm hoping that my OCIv2 proposal
I've seen (and largely agree with) your post (somewhere? Can't remember where) here, are you working on a formal proposal?
> "init" is actually systemd
Fair enough. I think this opens up additional security issues (requires SYS_ADMIN as I recall), though?