[Freedombox-discuss] Program Space, a new lightweight virtualization technology

Leen Besselink freedombox at consolejunkie.net
Sun Dec 29 21:59:53 UTC 2013

On Sun, Dec 29, 2013 at 02:39:45PM +0100, Rob van der Hoeven wrote:
> Hi Folks,

Hi Rob,

> I'm proud to announce a new lightweight virtualization technology called
> Program Space which I developed over the past months. This technology
> will be used in my new FreedomBox architecture, and I hope it will also
> be used to enhance Debian security.
> Program Space is created and managed by a small program called psc,
> short for Program Space Control. This program creates a virtual
> environment for programs to run inside. The configuration of this
> environment can be done with a combination of psc commands and ordinairy
> system utilities like ip, mount, iptables etc. How this works exactly is
> explained in this article:
> http://freedomboxblog.nl/program_space

Good to see what you've been up to, I've been wondering what you'd come
up with. ;-)

As this makes use of the same kernel features as LXC, Docker and even systemd
I obviously was comparing it while I'm reading.

You made some interesting choices.

I didn't see the choices you made mentioned in the blog, it's mostly an introduction/user manual.

The ones I noticed where:

- you basically mentioned this, by naming it the way you did, but it's a system for application containers (as it doesn't use init in the container)

- but it does run multiple processes, because it includes it own in-container daemon

- does not include networking inside the daemon, to keep it flexible and lean

- uses the daemon to start commands in the namespace

- as you didn't use apt-get in your wordpress example I assume you want to create a Debian 'image' / container root filesystem which already all the packages installed. Maybe even only 1 for all the applications.

- you build up the namespaces in small steps, by calling the commandline tool with different commands and keep the state in the kernel/daemon. It is somewhat similar to how Docker has Dockerfile. I guess.

I'm sure there are others.

Some other thoughts I had:
- not all source is included, I believe.

- pst runs the program with exec*() I assume ?

- you've also not transitioned away from Bash ;-) But maybe Dash is more appropriate ?

> Enjoy,

I did !

> Rob van der Hoeven
> http://freedomboxblog.nl

More information about the Freedombox-discuss mailing list