Grassroots containers in Fatdog


Ha ha, I thought that jamesbond, one of the main guys behind Fatdog, would have already studied containers and simple ways to implement them!

I have already conducted simple experiments on "grassroots", or build-your-own" containers, using 'env', 'unshare' and 'chroot', haven't posted to the blog yet, as need to do more investigation.

However, jamesbond has already done all the work on a "grassroots" implementation. This is an email he sent me today:

--------------------------------
RE: Container - you may want to see how Fatdog supports containers, here: http://distro.ibiblio.org/fatdog/web/faqs/sandbox.html

I have merged the standard sandbox into Woof-CE, so newer puppies should have sandbox.sh built-in.

As you are probably aware by now, "container" is full of hype and stuff. For Windows users these kind of things are probably "new" and "interesting", but for Linux they're re-packaged old stuff. A container is just "chroot on steroid" and there are many ways to achieve it.

The most basic way you can just use "unshare" command from recent core-utils (in fact, sandbox.sh from Fatdog uses this if it's available instead of just standard "chroot"). If you want to run a process inside an existing namespace, you can use "nsenter" (also from core-utils).

Of course, the basic tools for Linux container is LXC, and this is what I use for sandbox-lxc.sh/rw-sandbox-lxc.sh.

This script and all other Fatdog scripts are available here: http://distro.ibiblio.org/fatdog/packages/710/fatdog-scripts-710.0-noarch-1.txz

---------------------------------

For reference, there is a webpage that info on a grassroots build-your-own approach, using 'unshare', 'env' and 'chroot':
http://blog.z3bra.org/2016/03/hand-crafted-containers.html

Note, 'unshare', 'env' and 'chroot' are all busybox applets, though "full" versions are available elsewhere.


No comments posted yet