Re: Containers on Guix

From: Thompson, David
Subject: Re: Containers on Guix
Date: Thu, 20 Nov 2014 09:08:09 -0500

On Thu, Nov 20, 2014 at 8:30 AM, 宋文武 <address@hidden> wrote:
> David Thompson <address@hidden> writes:
>> I did some reading about how Docker creates containers and discovered
>> that it uses systemd-nspawn[0] to do it.  Since Guix uses dmd, using
>> systemd-nspawn isn't an option.  Does anyone have thoughts on how we
>> might have similar functionality in the Guix distro?
> I think what we need is pflask:
> A container is programs or full os running in an isolated environment.
> For a full container with rootfs, we can:
>   build the rootfs:
>     of Guix:    by using a form of `guix system init'
>     of Debian:  by using debootstrap
>   get it running:
>     # pflask --chroot=rootfs /sbin/init
> For a lightweight container without rootfs, we can:
>   build the activate script by `guix build'
>   get it running:
>     $ pflask --user=$USER activate
>     (could run by normal user by using User namespace)

Wow, thanks!  I think pflask is exactly what I'm looking for.  I'll
write a guix package and do some experiments with it soon.

>> Would an nspawn equivalent be appropriate for dmd?  Or a completely
>> separate program?
> Isolation is achieved by using Linux namespaces, IMO dmd will work
> well.

It seems that with pflask, there's no need to add anything to dmd.  We
could extend guix system to use it to generate containers.

This is a really great starting point.  Thank you very much for
pointing me in the right direction.

- Dave

