[ironhaven]

I was going to rant about how containerization does not just mean Linux namespaces but that is what this is.

This project is very similar to docker with a background daemon server that you control via a cli to launch Linux containers.

Because Linux containers need Linux namespaces, each container is run in a virtual machine with a Linux kernel.

[wpm]

I'm surprised that given Apples love of sandboxing, especially on iOS, that XNU doesn't have something similar to namespaces or jails.

[bjoli]

IIRC they went for policy based sandboxing with Seatnelt and SIRP. That is pretty darn nice for gui apps, but not very good for things like containers.

[lxgr]

They don't just need Linux namespaces, they need the rest of Linux too! That's the ABI all software in OCI containers expects.

[pjmlp]

Not really, Windows containers do exist.

[lxgr]

Yes, but GP was talking about Linux containers.

[pjmlp]

> That's the ABI all software in OCI containers expects.

Windows containers also use OCI format.

[lxgr]

Yes, those aren't Linux OCI containers, and those are the kind of OCI containers this thread is about.