Deno Under TinyKVM in Varnish

(info.varnish-software.com)
99 points perbu | 1 comments
codethief No.43654409
In case anyone from Varnish is around, possibly even the author himself: Last time we discussed TinyKVM here, I wanted to know[0] whether it could possibly be used as an OCI container runtime and what capabilities it would need? Background: I would like to use it as a runtime in order to allow for nesting containers in my CI pipelines, which is difficult with standard OCI runtimes like runc/crun without granting them privileges or at least additional capabilities that AppArmor is not happy about. Anyway, I'd still be very much interested in an answer! :)

[0]: https://news.ycombinator.com/item?id=43364218

1. laurencerowe No.43655776
As I understand it, TinyKVM is so fast because it does not run a full Linux guest but rather a thin layer with just enough syscall compatibility to run single-threaded Linux static binaries.

I’ve been running varnish/tinykvm using podman by passing /dev/kvm into the container and adding myself to the kvm group. https://github.com/lrowe/deno_varnish?tab=readme-ov-file#run...

Maybe you would be better off with something like krun which is built to run OCI containers in a full Linux kvm guest. https://josecastillolema.github.io/podman-wasm-libkrun/