Hacker News
Ask HN: Process isolation alternative to Docker
1 point by tuyiown on April 13, 2022 | 2 comments
The feature I care most about in Docker is the ability to run / install software with good confidence that it won't alter the behavior of my installed system in any unpredictable way (given you trust Docker install / uninstall).

I'd like to explore alternatives, as the performance issues with Docker give little hope they'll resolve any time soon.

Let's set aside full OS virtualization; it seems that the macOS sandbox could do the job, at least for fs tampering.

To give an idea of the things I've considered: running a shell in a sandbox could do the job. sandbox-exec should allow that, with the flexibility of several possible configurations, but it's deprecated, and creating a profile file from scratch looks intimidating.

Looks like BSD-like jails could also be an option.

I am looking for solutions or ideas that would provide mainly fs isolation, but any lightweight containerization would do.



You could look at LXD, but it would require a full OS.

Or maybe just chroot with some cgroups could be enough to run static binaries.

What is the performance issue you encountered? Could podman solve them?


I'm running postgres and mongodb; disk chatter induces a lot of CPU usage, and after a few hours some of my use cases jump a few orders of magnitude in lagginess.

podman relies on homebrew, which is pretty invasive, and brings all the problems of a distro. Using homebrew solely for podman would do the trick though. That said, a sandbox for homebrew would be enough, and there's even an unmaintained experiment to do exactly that: https://github.com/brewdo/brewdo



