Containers should be an operating system responsibility
a year ago
- #devops
- #operating-systems
- #containers
- Containers became popular for setting up application environments, but the author believes operating systems should handle this.
- Docker solves environment setup and safe execution by isolating processes and managing dependencies.
- Alternatives to containers include installing dependencies directly on the host machine, self-contained deployment, and ahead-of-time (AOT) compilation.
- AOT compilation reduces runtime dependencies, improves performance, and lowers memory usage.
- Docker images include an OS's user space, which can be memory and disk space intensive.
- Safe execution without containers involves user-level file system access control and network restrictions via firewalls.
- Proposal: Execution manifests could define program execution, permissions, and resource access, signed for authentication.
- Execution manifests could also specify allowed devices and peripherals, useful for desktop applications.
- Example manifest includes allowed directories, network access, and devices like mouse and keyboard.