@fraggle I’ve been toying with running some stuff inside systemd’s constraints instead of docker-style containers. Jury still out on it. About to experiment with systemd-nspawn. Possibly the other hardening parameters, and access to my regular root fs, is sufficient tbh.
@fraggle one advantage of docker-style containers, even for overkill situations like “statically linked self contained Go program in a virtually empty rootfs” is I can use the same steps to manage them and update them as any other container. (I don’t use docker itself anymore tho)