Post 1536144 by sascha@deadinsi.de
 (DIR) Post #1535869 by kim@knzk.me
       2018-11-27T17:59:11Z
       
       0 likes, 0 repeats
       
       Got my instance back up! And more permanent! (this time it's running in an LXC instance I can more easily migrate if need-be)
       
       Can find me at @grufwub
       
       If you know me, and you want an invite to join just hit me up :blobkissheart:
       
 (DIR) Post #1535870 by djsumdog@hitchhiker.social
       2018-11-27T18:16:33Z
       
       0 likes, 0 repeats
       
       @kim I wish more people looked at using LXC containers. In some cases they make a lot more sense than Docker.
       
 (DIR) Post #1535887 by sascha@deadinsi.de
       2018-11-27T18:17:30Z
       
       0 likes, 0 repeats
       
       @djsumdog @kim but... they're the same thing internally, mostly a bunch of `unshare` calls and glue ;-;
       
 (DIR) Post #1535967 by djsumdog@hitchhiker.social
       2018-11-27T18:20:52Z
       
       0 likes, 0 repeats
       
       @sascha @kim IIRC (and it's been a long time, so I could be wrong) LXC containers are a full OS where you run init (systemd) and it starts up processes. It's more like a VM, but without the VM layer (share the host kernel, use cgroups for isolation, etc) and you do common VM tasks in those containers (apt-get updates/security updates) vs Docker where you (usually) have a single process as PID 1, updating == rebuilding and security checks are non-existent without 3rd party tools.
       
 (DIR) Post #1536144 by sascha@deadinsi.de
       2018-11-27T18:31:19Z
       
       0 likes, 0 repeats
       
       @djsumdog @kim They're actually the exact same thing. Systemd can boot containers (on LXC and docker) given the distro supports it (marking udev and stuff you don't need/can't access in a container with a flag). You can also run not-init as PID 1 in LXC.
       
       Docker is essentially a nicer frontend to the same thing LXC does.
       
       And security, I mean, you can run a package manager in docker and you can also save a running docker image to a new tag. You just don't usually treat a docker container like that because it negates all the benefits of having fast building containers (in a CI especially).
       
       Security also isn't that severe in a docker container usually. It's pretty rare to see an issue that affects everything on a system and usually containers are only open HTTP ports anyway.
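The thread's point that LXC and Docker are built from the same kernel namespaces (the `unshare` calls mentioned above) can be checked directly: Linux exposes each process's namespaces as symlinks under `/proc/<pid>/ns/`, and two processes share a namespace exactly when the link targets match. The following is an added example for inspecting that, not code from anyone in this thread; it assumes a Linux host with a readable `/proc` and no special privileges.

```python
import os

# Linux namespace types, as exposed under /proc/<pid>/ns/. Each one corresponds
# to a CLONE_NEW* flag accepted by unshare(2) or clone(2); LXC and Docker both
# assemble their containers from these same flags.
NAMESPACES = ("cgroup", "ipc", "mnt", "net", "pid", "user", "uts")


def namespace_ids(pid="self"):
    """Return {ns_name: link_target} for the namespaces a process lives in.

    /proc/<pid>/ns/<name> is a symlink whose target looks like 'pid:[4026531836]';
    two processes are in the same namespace exactly when the targets are equal.
    Entries the kernel does not expose, or that we may not read, are skipped.
    """
    ids = {}
    for name in NAMESPACES:
        try:
            ids[name] = os.readlink(f"/proc/{pid}/ns/{name}")
        except OSError:
            continue
    return ids


def shared_namespaces(pid_a="self", pid_b=1):
    """Map each namespace type to True if the two processes share it."""
    a, b = namespace_ids(pid_a), namespace_ids(pid_b)
    return {name: a[name] == b[name] for name in a if name in b}


def unshared_from(pid_a="self", pid_b=1):
    """Namespace types in which pid_a is isolated from pid_b, sorted.

    Run on the host with pid_a set to a containerised process, this lists what
    the container runtime actually unshared; an empty list means the process
    has no kernel-level namespace isolation from pid_b at all.
    """
    return sorted(n for n, same in shared_namespaces(pid_a, pid_b).items() if not same)


if __name__ == "__main__":
    # Compare this process with PID 1 of the PID namespace we can see.
    for name, same in sorted(shared_namespaces().items()):
        print(f"{name:7s} {'shared with PID 1' if same else 'separate from PID 1'}")
```

Note that inside a container `/proc/1` is the container's own init, so the comparison only reveals the runtime's isolation when run from the host against the container's processes.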