|
|
|
|
|
|
by smw
1927 days ago
|
|
|
It has gotten simpler, especially for things like testing safely. If you don't think about it as docker, or containers, the ability to sandbox things with namespaces and cgroups is almost magical. It's effectively instant and much more effective than just chroot. "Run something with no -- or very specific -- network access" was a really annoying problem to solve (LD_PRELOAD?) in the before times. |
|
|
>Run something with no, or very specific, network access
If this was such a problem in linux then why didn't people focus on improving this instead? We could have solved this problem in linux and made the whole system better for everyone.
Instead people left the problem there and just piled more crud ontop. We added an entire new layer of abstraction that everyone now has to spend weeks learning how to use instead of just fixing the original problem. The whole system is now far more complex, and the original problem is still there.