Date: Thu, 13 Apr 2023 14:22:40 +0100
From: Steve O'Hara-Smith
To: Mario Marietto
Cc: Alejandro Imass, Paul Pathiakis, Tim Preston, freebsd-questions
Subject: Re: Docker
Message-Id: <20230413142240.11d3b8c6baab7286678f3de2@sohara.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-questions

On Thu, 13 Apr 2023 13:31:02 +0200
Mario Marietto wrote:

> The point of my argumentation is not if FreeBSD has or not good tools for
> containerizing and securing applications. It has. Point is that the users
> that don't know FreeBSD are tied to their own tools and rarely want to
> change them. Almost everyone wants to change. But trying, experimenting and
> changing something in the workflow is important, because every tool has bad
> and good sides. There are many docker images already to be used on the net
> and this will save a lot of time and effort and money for a lot of people.

The problem with using the docker images available online is that
these are *linux* filesystem overlay images. Docker only provides the
mechanism for creating and assembling those images into runtime
environments. The business of running them is handled by LXC via
containerd. So in order to achieve what you want there would need to be:

1: Support for jails in containerd or support for LXC on FreeBSD.

2: Support for a *lot* more of the up to date Linux system calls
(current emulation is for a 4.4.0 kernel).

3: Support for the filesystem layering used by Docker.

4: (the easy bit) A port of docker.

This comes up a lot - but nobody ever wants to do the work which is
why it never happens. It appears that none of the FreeBSD developers want
this (fair enough they have other things on their minds and FreeBSD is a
volunteer effort), and that none of the people who want this care enough to
step up and do the work or raise a fund to pay someone to do it.

-- 
Steve O'Hara-Smith