#namespace

vn971@diasp.de

Q: How do people normally "emulate" a Linux distro?

How I know it can be done -- with Docker. It has straightforward techniques to run an OS, but generally it recommends running only 1 service per Docker instance.

How I'm currently doing it -- with debootstrap & bubblewrap. A command like this is what's run on my system now:

env -i TERM=xterm PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' \
bwrap \
--bind debian-stretch/ / \
--dev /dev --proc /proc \
--unshare-ipc --unshare-pid \
--die-with-parent \
--new-session /bin/bash

It has the downside that I'm running it as real root on the host system.

So, main question: how should I be doing it? Ideally, I'd like to run something unprivileged. The virtualized / containerized system should think it has root though. Thoughts?

#linux #debootstrap #bubblewrap #container #cgroup #namespace #firejail
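
An added example, not part of the original post: one way to check whether uid 0 inside a sandbox is real root on the host or only root inside a user namespace, by reading the kernel's uid_map file. The function names `mapped_root_uid` and `root_kind` are hypothetical, and the sample maps are constructed rather than captured from a real system.

```shell
#!/bin/sh
# Added example (not from the original post): tell host root apart from
# user-namespace root by reading a uid_map file.
# Each line of uid_map is: <first uid inside> <first uid outside> <length>
# When a process reads its own map, "outside" is relative to the parent
# user namespace, so nested namespaces need the check repeated per level.

# Print the outside uid that inside-uid 0 maps to; return 1 if unmapped.
mapped_root_uid() {
    map_file=${1:-/proc/self/uid_map}
    while read -r inside outside length || [ -n "$inside" ]; do
        # uid 0 is covered only by a range that starts at 0 and is non-empty.
        if [ "$inside" = 0 ] && [ -n "$length" ] && [ "$length" != 0 ]; then
            printf '%s\n' "$outside"
            return 0
        fi
    done < "$map_file"
    return 1
}

# Classify a map: real-root, namespaced-root, or no-root.
root_kind() {
    if outside_uid=$(mapped_root_uid "$1"); then
        if [ "$outside_uid" = 0 ]; then
            echo real-root
        else
            echo namespaced-root
        fi
    else
        echo no-root
    fi
}

# Constructed sample maps, written to a temporary directory.
demo_dir=$(mktemp -d)
printf '         0          0 4294967295\n' > "$demo_dir/host"     # identity map
printf '         0       1000          1\n' > "$demo_dir/userns"   # uid 0 -> 1000
printf '      1000       1000          1\n' > "$demo_dir/nonroot"  # uid 0 unmapped
for m in host userns nonroot; do
    printf '%-8s %s\n' "$m" "$(root_kind "$demo_dir/$m")"
done
rm -rf "$demo_dir"
```

Called with no argument inside the sandbox shell, `root_kind` reads `/proc/self/uid_map` for the current process.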