Thanks for the feedback and alternatives, I hadn't seen Spoon or LXD yet so I'll check those out. Namespaces are sometimes supported directly by the application itself, for example uWSGI, and anything lacking native support you can use firejail [1]. There is also an article [2] by an OVH employee about using namespaces directly in C.
I'm looking forward to LXD in particular. I really like how Docker feels like a convenient application deployment platform, but there is no isolation between the container and the host OS. One thing that bothers me is a lot of application images, including official ones, on the Docker repository run as root. User and groups are mapped one-to-one on the host; running as root in the container means you are root on the host. I really hope LXD maintains the convenience of Docker with the added isolation a hypervisor brings.
Rocket is an implementation of the App Container Specification, which is an open standard. There's several other implementations as well, and Apache Mesos is working on another.
Each will have their own workflow, but be interchangeable and compatible with images.
>either useless or poorly implemented, and it's primary
>benefits can be easily achieved using namespaces directly.
any tutorial ? For me the docker is very easy.
and there are some new alternatives:
- LXD : https://lists.linuxcontainers.org/pipermail/lxc-devel/2014-N...
- Rocket: https://coreos.com/blog/rocket/
- Flockport : http://www.flockport.com/faqs/
- Spoon : https://spoon.net/docs/getting-started/spoon-and-docker