[HN Gopher] Linux containers in 500 lines of code (2016)
       ___________________________________________________________________
        
       Linux containers in 500 lines of code (2016)
        
       Author : sturza
       Score  : 92 points
       Date   : 2020-02-04 05:28 UTC (17 hours ago)
        
 (HTM) web link (blog.lizzie.io)
 (TXT) w3m dump (blog.lizzie.io)
        
       | sascha_sl wrote:
       | Liz Rice has done some awesome on-stage live coding, including a
       | very small container runtime in Go.
       | 
       | https://www.youtube.com/watch?v=8fi7uSYlOdc
        
       | projektfu wrote:
       | I like the use of noweb. Very slick.
        
       | dang wrote:
       | A thread from 2017: https://news.ycombinator.com/item?id=15608435
        
       | arpa wrote:
       | Docker in ~100 lines of bash: https://github.com/p8952/bocker
        
         | VWWHFSfQ wrote:
         | "100 lines of bash" is pretty generous. They might as well have
         | just made it 1 line of bash with the way the code is written.
        
           | _zer0 wrote:
           | Only the first few lines of the script look dense. Everything
           | else looks normal to me.
        
             | fwip wrote:
             | Stuff like
             | https://github.com/p8952/bocker/blob/master/bocker#L94 is
             | super dense.
             | 
             | I might write that something like:
             | cid="$(
             |     ps o ppid,pid |
             |     grep "^$(
             |         ps o pid,cmd |
             |         grep -E "^\ *[0-9]+ unshare.*$1" |
             |         awk '{print $1}'
             |     )" |
             |     awk '{print $2}'
             | )"
        
               | stingraycharles wrote:
               | I agree with you that their code is fairly dense, yours
               | is overly verbose.
               | 
               | Having said that, looking at their code, I don't get the
               | impression they're optimizing for LOC. There is plenty of
               | verbosity and opportunity to remove lines of code if they
               | wanted.
        
               | Hello71 wrote:
               | or maybe even cid=$(pgrep -P $(pgrep -f "unshare.*$1")).
        
           | SahAssar wrote:
           | That's not fair considering the two longest lines are for
           | logging into dockerhub and parsing input arguments.
        
       | parhamn wrote:
       | I was actually wondering what the lowest-resource way of
       | launching a bunch of mostly-idle single port applications in
       | isolation currently is. Docker runtime is bloated, Kubernetes has
       | recommended limits (and enforced on cloud providers), Runc feels
       | like you have to implement Kubernetes/Docker on top yourself.
       | Anyone seen anything else out there to run a few thousand single
       | port binaries and multiplex them with a webserver?
        
         | xnyan wrote:
         | I've had really good results with LXC/LXD. Depending on the
         | privileges of the container the only area of overhead that
         | sometimes concerns me is filesystem IO, but I've been able to
         | work around it.
        
       ___________________________________________________________________
       (page generated 2020-02-04 23:00 UTC)