[Info-vax] Installing and using GNV - some feedback and questions
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Mon Oct 31 09:34:36 EDT 2016
On 2016-10-30 17:02:46 +0000, David Froble said:
> I see some issues, and possibilities.
>
> If a user is to only be allowed in the container / application /
> whatever assigned to him, then logging into the base OS seems to be
> giving the user more than would be appropriate?
Potentially. And it's not just the users; the applications in the
containers shouldn't be accessing other containers. There'll also be
requirements for accessing and protecting shared data.
> Should users logged into the base OS be allowed to access all
> containers? Perhaps a login to the container might be appropriate?
Following the sandbox or jail model, containers get their own instance
of the OS interfaces (to isolate those applications), and users can
access those containers using user access controls.
> With one OS, the issue of multiple OS licenses seems to go away?
There's a case for less overhead than virtualization — containers are
virtualization at the OS level, rather than the hardware level — and
there are fewer OS software licenses.
> Being able to boot from a container doesn't seem to be very useful.
It gets all the dependencies into one package.
> If only that container is to be run, then why use a container? Yes, I
> understand testing a new OS version, and such, but that's what test
> systems are for, not production systems.
Repeatability, scheduling and failover, among other reasons. Gives an
easy way to turn it off and turn it back on again, from a known-good
copy.
> It seems to me that containers may be useful in some scenarios, but not
> so much otherwise. I've loaded the Python containers, and yes, it was
> simple, and "contained". But for production, it adds another layer of
> complexity.
There's no universal answer.
> A good capability to have, and already to some extent available, but,
> not to be used just because it's available.
My fondness for bundles is around the ease of installation, management,
upgrades and cleanup, and around the enforced isolation among the
installed bundles.
--
Pure Personal Opinion | HoffmanLabs LLC