This is the eventual future.

What most people don't realize is that a large part of Docker's value is in being a generic static compiler for languages that don't have that feature.

Pretty soon you can expect raw process support in many "container" management systems, where you just provide it a linux binary which are then run in isolated cgroups and namespaces.

Does it never do DNS lookups? Open files? Do you not want to tie into process management? Logging? Do you really have no dependencies on a functioning locale? Network settings? Are you sure it won't try to exec anything?

An application with no other dependencies is exceedingly rare. Small tools, sure. Sometimes. But even then I see people making silly assumptions all the time, which makes using a container as a suitable straightjacket very useful.

E.g. I run all kinds of tools "with no other dependencies" all the time, that turns out to have all kinds of dependencies when you actually try to put it in the smallest container possible.

> Does it never do DNS lookups?

Yes, it does.

> Open files?

Yes, it does.

> Do you not want to tie into process management?

I don't know what this means.

> Logging?

Yes.

> Do you really have no dependencies on a functioning locale?

What makes a locale "function"?

---

Remember that the my standard C lib or whatever can be statically linked as well. At that point, I'm left with syscalls.

Docker containers depend on syscalls too; it's not like they ship with their own kernel. (If they did, they'd be VMs.)

I think this is too strong a statement. To have "no other dependencies" you would have to statically link in (1) the operating system (including device drivers) and (2) the hardware model, to be absolutely sure. Only virtual machines (possibly including Java VM) can give you such guarantee.

And do you believe this set of issues doesn't apply to Docker?