Post APXW1GpE63cT95Mv1U by wolf480pl@mstdn.io
(DIR) Post #APXVHZBvTnrcmoC1wm by algernon@trunk.mad-scientist.club
2022-11-12T20:42:16Z
0 likes, 0 repeats
Today I built my first no-OS, single-static-binary container, and it feels nice.
(DIR) Post #APXVHZezjj7GExnFFw by wolf480pl@mstdn.io
2022-11-12T21:01:05Z
0 likes, 0 repeats
@algernon is it a unikernel tho?
(DIR) Post #APXVZneMSg2GqEBh9U by algernon@trunk.mad-scientist.club
2022-11-12T21:04:07Z
0 likes, 0 repeats
@wolf480pl No. Just a regular Linux container + a static ELF binary.
(DIR) Post #APXVmdcR4HSrUlPOfA by wolf480pl@mstdn.io
2022-11-12T21:06:47Z
0 likes, 0 repeats
@algernon oh, so still running on an OS, I see.
(DIR) Post #APXVwNUVsy0uN6LbAe by algernon@trunk.mad-scientist.club
2022-11-12T21:08:29Z
0 likes, 0 repeats
@wolf480pl Well, a kernel, yeah, but no OS beside it. Just not a specialized unikernel, but a generic one, so I can just docker run it.
(DIR) Post #APXW1GpE63cT95Mv1U by wolf480pl@mstdn.io
2022-11-12T21:09:30Z
0 likes, 0 repeats
@algernon I was hoping it was -ffreestanding and stuff :( Still sounds cool tho. How do you debug it?
(DIR) Post #APXWGkcfanzTu8sRjU by algernon@trunk.mad-scientist.club
2022-11-12T21:12:16Z
0 likes, 0 repeats
@wolf480pl Sadly, no, not -ffreestanding, I have a good number of dependencies that require the Linux kernel (network stuff, openssl, and a bunch of other things). For debugging, I have logs, and I can run the same thing on the host with a debugger attached if I need to.
(DIR) Post #APXWseKVRDn3OKS7gO by algernon@trunk.mad-scientist.club
2022-11-12T21:19:05Z
0 likes, 0 repeats
@wolf480pl Hm... you did pique my interest about unikernels, and Unikraft might be POSIX enough for my needs in this case. Going to take a look! (Though, I will continue to use the linux+single binary container, because I have the tooling setup for that, running unikernels would be a whole new thing.)
(DIR) Post #APXXh7VhDgwEN8kk2S by wolf480pl@mstdn.io
2022-11-12T21:28:16Z
0 likes, 0 repeats
@algernon yeah, in particular it'd be hard to run more than one on a single machine :P They make more sense for embedded stuff
(DIR) Post #APXYBgxtxoTZ1NWWau by wolf480pl@mstdn.io
2022-11-12T21:33:28Z
0 likes, 0 repeats
@algernon for me, dealing with containers at work, the largest problem with minimal / OS-less containers is that it's difficult to run diagnostic tools (ping, tracepath, tcpdump, etc) in their netns. I end up sshing to the host and using nsenter, but I heard some people have a setup where they can run a debug container (with an image full of diagnostic tools) in the same namespaces (except for mount namespace) as the container being debugged.