[twic]

Here's another one. I have an app which spawns subprocesses to do computations. I would love to put the subprocesses in containers to constrain their resource usage (i know that's not the only way to do it, but it's an effective and well-understood way to do it). But i would also like to able to run my application in a container!

[electroly]

While using containers is common and well-understood, containers within containers are not. It's novel enough to warrant this blog post on how to do it!

If all you want is resource constraints on your spawned processes, it's easier and more common to just use cgroups. It's straightforward and you should have a working understanding of cgroups anyway if you want to be effective at using containers, which are built on top of cgroups.

Cgroups are really easy to use and I feel like people aren't bothering to learn about it. :(

[yrro]

To be fair cgroupsv1 and the original tooling around them weren't so great. And people were stuck with them for aaaaaages because the cpu controller wasn't ported to v2 for so long. And then they were still stuck on v1 because of Docker...