Comment by monocasa

4 years ago

The distinction I'm making here is between opt-in and opt-out namespacing.

Plan9's vfs namespacing is closer to clone(2) than kubernetes.

If you want foolproof sandboxing, you need opt-out namespacing. Because there might be resource types that your version of the software doesn't know about, and these should really be namespaced by default.

Besides, what really matters is whether namespacing is idiomatic or not. It was always idiomatic in plan9, and containerization has certainly made it more idiomatic even on *nix systems.

  • Plan9 was the model you're saying isn't foolproof. Switching namespaces were explicit calls separate from process creation.

    The Linux namespace scheme was explicitly inspired by plan9, but didn't have nearly as many gotchas (like plan9 vfs namespaces being only per uid).

    My bringing up kubernetes is to contrast the Unix style methods in a way that developers today would recognize.

    • > The Linux namespace scheme was explicitly inspired by plan9, but didn't have nearly as many gotchas

      There were other OSes doing similar stuff at the time, e.g. BSD jails predate Linux containers AIUI.
