You can have a look at systemd-nspawn and machinectl actually. Sounds like exactly what you’re looking for :)
Comment on Suggestions for Improving Linux Server Security: Beyond User Permissions and Groups?
matcha_addict@lemy.lol 3 weeks agoI really wish there was a system wide package manager for docker containers, which would update software in all your containers at once similar to how a typical package manager would.
I did not completely rule out docker, but I wonder if I can obtain most of its benefits without this major con with package management. I mean I know it’s possible, since its mostly kernel features, but it would be difficult to simulate and the tooling is probably lacking (maybe nsjail can get me closer).
wildbus8979@sh.itjust.works 3 weeks ago
matcha_addict@lemy.lol 3 weeks ago
I am really interested in systemd-nspawn. Unfortunately I have openRC now (I liked it’s simplicity) so can’t try out systemd yet.
Is machinectl tied to systemd also?
486@lemmy.world 2 weeks ago
You could give bubblewrap a try instead. It is quite similar to systemd-nspawn.
wildbus8979@sh.itjust.works 3 weeks ago
Yes machinectl is the interface for nspawn
monkeyman512@lemmy.world 3 weeks ago
github.com/containrrr/watchtower