The work on #bootc Is coming along very nice! This morning keynote by @cgwalters, Dan Walsh, and Stef Walter was very nice to see the current state of it in #Fedora and CentOS Stream. #devconf_cz

@fale @cgwalters how does bootc align with e.g. https://lwn.net/Articles/644675/ ? just interested...

@jarkko @fale I should write something up in the bootc page on this but briefly: Clear Containers became Kata Containers, which indeed uses a kernel, but not one embedded in the container image. It's about running OCI containers transparently as VMs - otherwise same as podman/docker. So it's mostly the same q as the difference between bootc and docker/podman. You don't (usually) ssh into your Kata container or run containers inside it, but you do on a bootc host.

@cgwalters @fale OK, that's really cool progress!

I should have put my words better but does it use like same tricks and ideas still, like e.g. using DAX as a tool to bypass page cache of the guest kernel? Does this have some new ideas in the nitty gritty details level? Obviously heavy use of virtio like anything in this part-container/part-vm space...

@cgwalters @fale BTW, is the Fedora version up to date or would it be more advisable at this point to build from upstream (0.1.11)? Or is there a more bleeding edge copr for this work?

I have personal interest for this because to this day I’ve used libvirt for development environments and qemu-system-* for more automated QA [1]. For the former use case this might be my entry to popular “development containers” ;-) So I might be even willing to fix some issues along the way, if I encounter any.

I’m more of a “allow list” than a “deny list” type of person, and thus Linux containers have felt to me quite bad to this day, to be honest.

<personal-and-extremely-subjective-opinion> Docker is a great example of a successful duct tape product to fix something broken to appear as unbroken ;-) Market was formed by bad design decisions in kernel (emphasis on subjectivity of this opinion) [2]. </personal-and-extremely-subjective-opinion>

[1] https://gitlab.com/jarkkojs/linux-tpmdd-test [2] Mainly speaking about the “evil net of namespaces”, which is a mess. I think Cgroups in its second iteration is quite good actually for what it does.

@jarkko @fale There is no "bootc runtime". I tried to expand on this in the docs in https://github.com/containers/bootc/pull/605/files

@cgwalters @fale I'll play with it once have some bandwidth to get better idea what it is and what it isn't ;-)