Deno Under TinyKVM in Varnish

(info.varnish-software.com)

99 points perbu | 1 comments | 11 Apr 25 05:37 UTC | HN request time: 0.973s | source

Show context

codethief ◴[11 Apr 25 14:47 UTC] No.43654409[source]▶

In case anyone from Varnish is around, possibly even the author himself: Last time we discussed TinyKVM here, I wanted to know[0] whether it could possibly be used as an OCI container runtime and what capabilities it would need? Background: I would like to use it as a runtime in order to allow for nesting containers in my CI pipelines, which is difficult with standard OCI runtimes like runc/crun without granting them privileges or at least additional capabilities that AppArmor is not happy about. Anyway, I'd still be very much interested in an answer! :)

[0]: https://news.ycombinator.com/item?id=43364218

replies(3): >>43655552 #>>43655776 #>>43656132 #

antoniomika ◴[11 Apr 25 16:20 UTC] No.43655552[source]▶

>>43654409 #

Check out sysbox[0], it's a runc based runtime that allows you to run "system" containers without privilege.

[0]: https://github.com/nestybox/sysbox

replies(1): >>43663401 #

1. codethief ◴[12 Apr 25 11:13 UTC] No.43663401[source]▶

>>43655552 #

Thanks, I've come across sysbox before. But it seems it's become relatively quiet since it's gotten acquired by Docker? Moreover, I've yet to hear of anyone who has been using it in production.

↑