From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Thompson, David" <dthompson2@worcester.edu>
Subject: Re: Containers on Guix
Date: Thu, 20 Nov 2014 09:08:09 -0500
Message-ID: <CAJ=RwfaKvx7GsSwkJZ+gyhn_-4PX1M0CrY_9jLUtCsSQvLRuOA@mail.gmail.com>
References: <87lhn6eh12.fsf@izanagi.i-did-not-set--mail-host-address--so-tickle-me>
	<87d28irocj.fsf@gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:44346)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <dthompson2@worcester.edu>) id 1XrSPC-0003Jl-S3
	for guix-devel@gnu.org; Thu, 20 Nov 2014 09:08:24 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <dthompson2@worcester.edu>) id 1XrSP7-000692-48
	for guix-devel@gnu.org; Thu, 20 Nov 2014 09:08:18 -0500
Received: from na3sys009aog130.obsmtp.com ([74.125.149.143]:42948)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <dthompson2@worcester.edu>) id 1XrSP6-00068u-TZ
	for guix-devel@gnu.org; Thu, 20 Nov 2014 09:08:13 -0500
Received: by mail-pd0-f177.google.com with SMTP id ft15so3104588pdb.36
	for <guix-devel@gnu.org>; Thu, 20 Nov 2014 06:08:10 -0800 (PST)
In-Reply-To: <87d28irocj.fsf@gmail.com>
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
To: =?UTF-8?B?5a6L5paH5q2m?= <iyzsong@gmail.com>
Cc: guix-devel <guix-devel@gnu.org>

On Thu, Nov 20, 2014 at 8:30 AM, =E5=AE=8B=E6=96=87=E6=AD=A6 <iyzsong@gmail=
.com> wrote:
> David Thompson <dthompson2@worcester.edu> writes:
>
>> I did some reading about how Docker creates containers and discovered
>> that it uses systemd-nspawn[0] to do it.  Since Guix uses dmd, using
>> systemd-nspawn isn't an option.  Does anyone have thoughts on how we
>> might have similar functionality in the Guix distro?
> I think what we need is pflask: https://github.com/ghedo/pflask
>
> A container is programs or full os running in an isolated environment.
> For a full container with rootfs, we can:
>   build the rootfs:
>     of Guix:    by using a form of `guix system init'
>     of Debian:  by using debootstrap
>
>   get it running:
>     # pflask --chroot=3Drootfs /sbin/init
>
> For a lightweight container without rootfs, we can:
>   build the activate script by `guix build'
>   get it running:
>     $ pflask --user=3D$USER activate
>     (could run by normal user by using User namespace)

Wow, thanks!  I think pflask is exactly what I'm looking for.  I'll
write a guix package and do some experiments with it soon.

>> Would an nspawn equivalent be appropriate for dmd?  Or a completely
>> separate program?
> Isolation is archieved by using Linux namespaces, IMO dmd will work
> well.

It seems that with pflask, there's no need to add anything to dmd.  We
could extend guix system to use it to generate containers.

This is a really great starting point.  Thank you very much for
pointing me in the right direction.

- Dave