Re: Missing tools? @Pascal
I know that "everything to run will be in the container", and have even been playing about a bit with things like Docker.
I know that you are supposed to spin up the container running as few processes as possible (although thank heaven the original "one process per container" idea seems to have been dropped), but many existing applications are not written to work like this.
The article says that it is a kernel (and presumably sufficient libraries), but also says that the toolset is written in Rust (to eliminate security holes and memory leaks, apparently). Has the full GNU toolset been ported to Rust? I think not.
When I think what is happening, I feel that what we have with containers is a shift up the virtualization stack. We had an OS which ran applications and processes. They then put in Hypervisors above the OS, to allow isolation between different OS images. We've now moved down a level, so the hosting OS becomes the Hypervisor, the container becomes the OS, and the applications are... still applications.
I wonder how long it will be before someone suggests radically revisiting the process-to-process isolation, and deleting the containers as wasteful, so we then go back to properly isolated processes running on a secure OS. Round in a full circle.