Um no. Containers are not just chroot. Chroot is a way to isolate or namespace the filesystem giving the process run inside access only to those files. Containers do this. But they also isolate the process id, network, and various other system resources.
Additionally with runtimes like docker they bring in vastly better tooling around this. Making them much easier to work with. They are like chroot on steroids, not simply marketing fluff.
The author acknowledges that, the blog post seems to be aimed at demystifying the concept of namespaces by showing that a “container runtime” that only does limited filesystem namespaces (using chroot) is enough to get some widely used containers running (of course without all the nice features and possibilities of the other types of namespaces)
Yeah, and this brings no tangible UX or security benefits and is only ever used because last-century package managers can’t manage packages, containers are glorified chroots.
Um no. Containers are not just chroot. Chroot is a way to isolate or namespace the filesystem giving the process run inside access only to those files. Containers do this. But they also isolate the process id, network, and various other system resources.
Additionally with runtimes like docker they bring in vastly better tooling around this. Making them much easier to work with. They are like chroot on steroids, not simply marketing fluff.
The author acknowledges that, the blog post seems to be aimed at demystifying the concept of namespaces by showing that a “container runtime” that only does limited filesystem namespaces (using chroot) is enough to get some widely used containers running (of course without all the nice features and possibilities of the other types of namespaces)
Yeah, and this brings no tangible UX or security benefits and is only ever used because last-century package managers can’t manage packages, containers are glorified chroots.