[dijit]

But your containers may be a bit weird if their environment isn’t POSIX.

Like if you removed the “cd” command or the ability to read environment variables. “Containers” is any definition you want, but surely they’re built to some standard.

PS: I do make “from scratch” images a lot, I know you don’t “need” to have any utilities at all, but I’m fairly certain that a lot of software expects the “OS” to be POSIX.

[yakubin]

I don't know what you mean. Linux containers don't contain operating systems. They contain processes. POSIX describes operating systems.

Every Linux process can read environment variables. They are contained in its address space. "cd" is a shell built-in. When there is no shell, there is no "cd". Not providing access to a shell sounds like great security practice tbh. Your applications shouldn't be using it anyway (they should create new processes directly).

[messe]

This is just being obtuse for the sake of it. Yes, technically nothing in the notion of a container necessitates that; containers are just a form of namespacing. Have a gold star for understanding that. But the fact is: the vast majority of containers in use are going to be based on some minimal OS image, which is what the commenter was referring to.

[jrockway]

People use minimal OS images when they absolutely have to, but the ideal case is just your binary sitting there all alone. (Sometimes you need the tzdata files, SSL certificates, and other support files. But rarely a shell.)

[messe]

I agree that the ideal case is just a single binary with minimal supporting data, but people using OS images is certainly the norm not the exception. To suggest otherwise is ludicrous.