Today I learned something that I thought I'd share. I was doing some research on sandboxing certain processes in Linux for a project that I'm working on when I found out about Linux namespaces. These are a kernel feature that allows isolating resources from the rest of the system. Namespaces usually govern resources that are traditionally shared over the entire system, such as users and groups, the network stack and process identifiers.
The first thing that went through my mind as I read all that was that it all sounded like the things I needed. It will be a definite amount of work to get everything working the way that I want it to, but it sounds better than using a sandboxing or containerization tool that isn't made for what I'm trying to do and has other functionality I'll have to work around. Besides, these other tools are usually built on top of the namespaces anyway.
The second thing that went through my mind was that this makes the appearance of Docker a couple of years ago nothing less than inevitable. The first namespace was added to the Linux kernel all the way back in 2008, but it all becomes clear when you read that a pretty hard and very important namespace (the one governing users and groups) was added in 2013. That's the very same year that Docker was started.
Isolating processes from other processes has been something that people have been aiming for for a very long time. One can at the very least trace it back to chroot in the late seventies and early nineties. This was a very limited and perhaps even flawed approach, but it shows that the drive has long since been there. So seeing that this software was created in the same year that the kernel provided one of the most important pieces of technology would seem to imply that if it hadn't been Docker, it would have been someone else who started a similar project with similar functionality under a different name.
Given that the project needed some time to get to a more or less stable state and that it needed good adoption of the kernel that provided the required features, even the sudden popularity explosion of Docker makes a whole lot of sense. After all, this was a technology the world had been looking for for decades...
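As an added example (not from the original post), the sketch below reads the `/proc/<pid>/ns` links that the kernel exposes for every process and reports which of the namespaces described above two processes share. That is the check you would run to confirm a sandboxed process really is isolated. The function names and the `HOST` and `SANDBOXED` inode values are constructed for illustration.

```python
import os
import re

# Kernel format of a namespace link target, e.g. "pid:[4026531836]".
NS_LINK = re.compile(r"^(?P<kind>[a-z_]+):\[(?P<inode>\d+)\]$")


def parse_ns_link(target):
    """Split a /proc/<pid>/ns/* link target into (kind, inode)."""
    m = NS_LINK.match(target)
    if m is None:
        raise ValueError(f"not a namespace link: {target!r}")
    return m.group("kind"), int(m.group("inode"))


def namespaces_of(pid="self", proc_root="/proc"):
    """Return {link name: inode} for one process; {} if it cannot be inspected."""
    ns_dir = os.path.join(proc_root, str(pid), "ns")
    result = {}
    try:
        entries = os.listdir(ns_dir)
    except OSError:
        return result
    for name in entries:
        try:
            _, inode = parse_ns_link(os.readlink(os.path.join(ns_dir, name)))
        except (OSError, ValueError):
            continue  # unreadable (another user's process) or unexpected format
        result[name] = inode
    return result


def isolation_report(a, b):
    """Map each namespace kind to 'isolated', 'shared' or 'unknown'."""
    report = {}
    for kind in sorted(set(a) | set(b)):
        if kind not in a or kind not in b:
            report[kind] = "unknown"
        else:
            # Same inode means both processes live in the same namespace.
            report[kind] = "shared" if a[kind] == b[kind] else "isolated"
    return report


# Constructed sample: a host shell and a process placed in new user, pid and net namespaces.
HOST = {"user": 4026531837, "pid": 4026531836, "net": 4026531840, "mnt": 4026531841}
SANDBOXED = {"user": 4026532501, "pid": 4026532503, "net": 4026532505, "mnt": 4026531841}

if __name__ == "__main__":
    print(isolation_report(HOST, SANDBOXED))
    print(isolation_report(namespaces_of("self"), namespaces_of(os.getppid())))
```

In the constructed sample the mount namespace is still shared, which is the kind of gap this comparison is meant to surface.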