
> There's nothing antiquated about a hierarchical filesystem with a single root.

Unfortunately the hierarchical structure is lost in the name. It's one flat string and '/' and NUL have special meaning.

In a way, containers show that there is a legitimate need for multiple roots.



Containers are to a large extent a solution to an artificial problem. If your app is a single binary file + a single text configuration file with no dependencies apart from system libraries (i.e. libc POSIX) then you don't need a container, you're just a process. Containers are necessary because applications now consist of hundreds of small files with complex inter- and external dependencies.


You still want the additional security, if your daemon gets compromised.

You still want to restrict resources (number of cores, memory, etc).

Nevertheless, I agree that containers are often a cut through the Gordian Knot. Just put everything in its own box instead of resolving dependencies.


Containers don't provide additional security, nor do they provide additional ways to restrict resources. If you want to restrict resources or sandbox programmes, you can do so without containers.


It might be worth noting that the original unix designers introduced containers to unix (as "Namespaces") in Plan9.


I wouldn't call the developers of Plan9 the 'original UNIX designers'.

For that matter, I think it's naive to say that containers and namespaces are the same thing.



