Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Does it never do DNS lookups? Open files? Do you not want to tie into process management? Logging? Do you really have no dependencies on a functioning locale? Network settings? Are you sure it won't try to exec anything?

An application with no other dependencies is exceedingly rare. Small tools, sure. Sometimes. But even then I see people making silly assumptions all the time, which makes using a container as a suitable straightjacket very useful.

E.g. I run all kinds of tools "with no other dependencies" all the time, that turns out to have all kinds of dependencies when you actually try to put it in the smallest container possible.



> Does it never do DNS lookups?

Yes, it does.

> Open files?

Yes, it does.

> Do you not want to tie into process management?

I don't know what this means.

> Logging?

Yes.

> Do you really have no dependencies on a functioning locale?

What makes a locale "function"?

---

Remember that the my standard C lib or whatever can be statically linked as well. At that point, I'm left with syscalls.

Docker containers depend on syscalls too; it's not like they ship with their own kernel. (If they did, they'd be VMs.)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: