undefined | Better HN

0 points_joel2y ago0 comments

I mean in terms of functionality, this doesn't give me anything extra to what using docker would do on macos (granted it's via a linux based VM). From an end user perspective there's no real difference, but I don't have to entirely disable SIP just to use it.

Something like namespaces or proper jails on darwin would be super cool, but not at the expense of other security measures and chroot-ish outcome imho. Maybe this works for some, but not me :)

0 comments

lloeki2y ago

> I mean in terms of functionality, this doesn't give me anything extra to what using docker would do on macos (granted it's via a linux based VM)

Ah, I understand your angel, in that your use case is to run namespaced processes that achieve some functional purpose irrespective of the underlying kernel/platform, which is totally fair.

> not at the expense of other security measures

Not for me either... that is, not in a host OS, maybe a dedicated VM; I consider this to be as it says on the tin, 0.0.1, a thing that would help bootstrap an ecosystem of containers, which would push towards Apple adding namespaces or jails (oh, hell yeah, JailKit!) to darwin.

slonopotamus2y ago

> this doesn't give me anything extra to what using docker would do on macos

You're missing the point. This project DOES use docker.

_joelOP2y ago

I mean docker machine/desktop (kinda implicit of running docker on macos) not the cli or anything :)

j / k navigate · click thread line to collapse