this post was submitted on 14 Nov 2024
42 points (74.4% liked)

Linux

48184 readers
1305 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
all 25 comments
sorted by: hot top controversial new old
[–] cosmicbytes@programming.dev 3 points 6 hours ago (1 children)

Slightly related: my own blogpost about demistifying containers. It takes a quite different approach from the OP and focuses on a different side of containers. Would appreciate any feedback!

https://cosmicbyt.es/posts/demistifying-containers-part-1/

[–] blackbeards_bounty@lemmy.dbzer0.com 1 points 57 minutes ago

Your site is great!

[–] Eyck_of_denesle@lemmy.zip 9 points 22 hours ago

Just read the article y'all

[–] nous@programming.dev 62 points 1 day ago (1 children)

Um no. Containers are not just chroot. Chroot is a way to isolate or namespace the filesystem giving the process run inside access only to those files. Containers do this. But they also isolate the process id, network, and various other system resources.

Additionally with runtimes like docker they bring in vastly better tooling around this. Making them much easier to work with. They are like chroot on steroids, not simply marketing fluff.

[–] Markaos@lemmy.one 13 points 1 day ago

The author acknowledges that, the blog post seems to be aimed at demystifying the concept of namespaces by showing that a "container runtime" that only does limited filesystem namespaces (using chroot) is enough to get some widely used containers running (of course without all the nice features and possibilities of the other types of namespaces)

[–] Vendetta9076@sh.itjust.works 30 points 1 day ago (4 children)

First of all: no, and repeating this nonsense over and over doesn't make it any more true.

Second of all: I truly will never understand the hatred some people have for docker. If you prefer all bare metal install, then fine. But constantly shouting from the rooftops how useless and bad docker is seems a little silly.

[–] lengau@midwest.social 3 points 14 hours ago

Containers are great, but I find Docker's way of making container images to be pretty bad, personally. Fortunately you can use other tools to create OCI images and then copy them into Docker, as the runtime is pretty nice for dev machines.

[–] Atemu@lemmy.ml 10 points 22 hours ago* (last edited 22 hours ago) (2 children)

Great way to show off you haven't actually read any of the article past its title.

[–] frazorth@feddit.uk 1 points 21 hours ago* (last edited 21 hours ago)

Title is clickbate.

[–] Vendetta9076@sh.itjust.works -2 points 18 hours ago

I read the whole thing, thank you very much. It's still nonsense. So you can take your sarcastic remarks and go somewhere else.

[–] Solumbran@lemmy.world 14 points 1 day ago

Containers are fine but docker is a pain in the ass that lazy people use when they don't want to provide clean installation/packaging.

How many times have I seen an equivalent of "we use a custom fork of an obsolete version of an unmaintained package, so if you want to compile it yourself good luck because we forgot how we even did it. Alternatively, you can install the docker version"...

[–] isVeryLoud@lemmy.ca 8 points 1 day ago (1 children)

People are afraid of what they do not understand. This still holds true here.

And fear leads to hate.

[–] tapdattl@lemmy.world 9 points 1 day ago

Which eventually leads to the Dark Side

[–] Dirk@lemmy.ml 9 points 1 day ago (2 children)

So they say I can run a dozen of different web applications on the same machine all on the same port internally and different port externally and have a reverse proxy forwarding the traffic to the correct port based on the hostname it was called with by simply using a bunch of chrooted environments?

[–] IsoKiero@sopuli.xyz 8 points 1 day ago

Not that it's really relevant for the discussion, but yes. You can do that, with or without chroot.

That's obviously not the point, but we're already comparing oranges and apples with chroot and containers.

[–] nickwitha_k@lemmy.sdf.org 1 points 23 hours ago (1 children)

Without the chroot, that's how shared webhosting works but it can be hundreds or thousands of sites, depending on resource usage and server capacity.

[–] Dirk@lemmy.ml 2 points 21 hours ago (1 children)

I know how shared webhosting works. This is why I wonder why the author thinks containers and chroots are the same thing.

[–] nickwitha_k@lemmy.sdf.org 2 points 9 hours ago

Oh that makes more sense. I probably took you too literally.

[–] savvywolf@pawb.social 3 points 1 day ago (1 children)

Honestly, since getting into NixOS, I've found that much more of an elegant system than Docker or whatever.

[–] Atemu@lemmy.ml 6 points 22 hours ago (1 children)

You're comparing apples to oranges. One is a declarative Linux system environment creation solution and the other a daemon that starts sub-system environments using Linux namespaces.

You could in theory use NixOS to define a system environment that you'd run inside of a docker container. It's a bit harder to get systemd running inside of Docker which NixOS heavily relies on but that's beside the point. Easier integrations exist for LXD and systemd-nspawn which actually fulfil an equivalent purpose to Docker. The single component that is most comparable to Docker in a typical NixOS deployment would arguably be its init process (systemd), though its use extends far beyond setting up the namespace (the root namespace in this case).

[–] savvywolf@pawb.social 3 points 17 hours ago (2 children)

As I understand it, the problem that both Nix and Docker try to solve is "How do I bundle and run this application in such a way that its dependencies are explicitly specified and don't interfere with anything installed on the host system".

They have different approaches, but I think that goal is the same?

[–] Atemu@lemmy.ml 1 points 8 hours ago

That's Nix, not NixOS.

I also wouldn't be too sure on that "explicit" part for Docker. It's somewhat isolated, sure, but everything but explicit: you can download arbitrary data from wherever you like.

[–] porous_grey_matter@lemmy.ml 1 points 12 hours ago (1 children)

No, containers further isolate the network and hardware interaction of the process etc

[–] savvywolf@pawb.social 3 points 8 hours ago (1 children)

Unless it has changed recently, Docker is not intended to be a security layer as far as I know.