[Freedombox-discuss] Program Space, a new lightweight virtualization technology
freedombox at consolejunkie.net
Sun Dec 29 21:59:53 UTC 2013
On Sun, Dec 29, 2013 at 02:39:45PM +0100, Rob van der Hoeven wrote:
> Hi Folks,
> I'm proud to announce a new lightweight virtualization technology called
> Program Space which I developed over the past months. This technology
> will be used in my new FreedomBox architecture, and I hope it will also
> be used to enhance Debian security.
> Program Space is created and managed by a small program called psc,
> short for Program Space Control. This program creates a virtual
> environment for programs to run inside. The configuration of this
> environment can be done with a combination of psc commands and ordinary
> system utilities like ip, mount, iptables etc. How this works exactly is
> explained in this article:
Good to see what you've been up to, I've been wondering what you'd come
up with. ;-)
As this makes use of the same kernel features as LXC, Docker and even systemd,
I was obviously comparing them while reading.
You made some interesting choices.
I didn't see the choices you made mentioned in the blog, it's mostly an introduction/user manual.
The ones I noticed were:
- you basically mentioned this, by naming it the way you did, but it's a system for application containers (as it doesn't use init in the container)
- but it does run multiple processes, because it includes its own in-container daemon
- does not include networking inside the daemon, to keep it flexible and lean
- uses the daemon to start commands in the namespace
- as you didn't use apt-get in your wordpress example I assume you want to create a Debian 'image' / container root filesystem which already has all the packages installed. Maybe even only 1 for all the applications.
- you build up the namespaces in small steps, by calling the commandline tool with different commands and keep the state in the kernel/daemon. It is somewhat similar to how Docker has a Dockerfile, I guess.
I'm sure there are others.
Some other thoughts I had:
- not all source is included, I believe.
- pst runs the program with exec*() I assume ?
- you've also not transitioned away from Bash ;-) But maybe Dash is more appropriate ?
I did!
> Rob van der Hoeven