> Can we somehow combine the advantages of the docker ecosystem with VMs?
Shameless plug: this is exactly what our goal is with https://kwarantine.xyz We are creating a new hypervisor (from scratch) that can run strongly isolated Docker/LXC containers.
No, gVisor is from Google. They emulate system calls in user-space and use VMs, which increases runtime performance overhead. We use hardware virtualization to directly run containers -- no I/O emulation, no expensive VM exits, scale as needed. Initial comparison with FC/gVisor/Xen here: https://github.com/ashishbijlani/kwarantine
Thanks for the poke on this. I had looked briefly and became frustrated that many of the instructions I found assumed you were a kernel dev and started with compiling everything from source -- the Debian-supplied UML binaries seem to work well for my needs though, and do indeed allow doing basic stuff like mounting a disk image so you can run install-grub on it.
Hmm, building UML from source is really easy. Here [0] is my process for doing it, as a Makefile. The actual compile step is just one line (line 32):
$(MAKE) -C linux-$(KERNEL_VERSION) ARCH=um linux
The rest of it sets up the configuration how I want and compiles other dependencies (like slirp) or is for maintenance, like cleaning up, or downloading.
This is a rather old version -- newer versions check the checksum and use my HashCache system.
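As an added illustration of the build flow described above (download, configure, compile, and the checksum step mentioned for newer versions), here is a self-contained Makefile that is not the commenter's own. It assumes a kernel.org tarball; KERNEL_VERSION and KERNEL_SHA256 are placeholders to be replaced with the version you want and the SHA-256 published for it on kernel.org.

```make
# Added example (not the commenter's Makefile): build a User-Mode Linux kernel
# from a kernel.org tarball, refusing to extract or build unless the tarball's
# SHA-256 matches a pinned value. KERNEL_VERSION and KERNEL_SHA256 are
# placeholders; take the real hash from kernel.org's sha256sums.asc.
KERNEL_VERSION ?= 6.6.30
KERNEL_MAJOR   := $(firstword $(subst ., ,$(KERNEL_VERSION)))
KERNEL_TARBALL := linux-$(KERNEL_VERSION).tar.xz
KERNEL_URL     := https://cdn.kernel.org/pub/linux/kernel/v$(KERNEL_MAJOR).x/$(KERNEL_TARBALL)
KERNEL_SHA256  ?= REPLACE_WITH_SHA256_FROM_KERNEL_ORG
SRC_DIR        := linux-$(KERNEL_VERSION)
JOBS           ?= $(shell nproc)

.PHONY: all verify clean distclean

all: $(SRC_DIR)/linux

# 1. Download the tarball. curl -f fails on HTTP errors instead of saving an
#    error page under the tarball's name.
$(KERNEL_TARBALL):
	curl -fL -o $@ $(KERNEL_URL)

# 2. Verify the pinned hash before anything is extracted. On mismatch the
#    file is deleted so a retry cannot silently reuse the bad download.
verify: $(KERNEL_TARBALL)
	echo "$(KERNEL_SHA256)  $(KERNEL_TARBALL)" | sha256sum -c - || { rm -f $(KERNEL_TARBALL); exit 1; }

# 3. Extract only after verification succeeded.
$(SRC_DIR)/Makefile: verify
	tar xJf $(KERNEL_TARBALL)

# 4. Configure for ARCH=um: start from the UML defconfig, enable hostfs so the
#    guest can mount host directories, then resolve dependencies.
$(SRC_DIR)/.config: $(SRC_DIR)/Makefile
	$(MAKE) -C $(SRC_DIR) ARCH=um defconfig
	$(SRC_DIR)/scripts/config --file $@ --enable HOSTFS
	$(MAKE) -C $(SRC_DIR) ARCH=um olddefconfig

# 5. The actual compile step: produces the 'linux' executable in $(SRC_DIR).
$(SRC_DIR)/linux: $(SRC_DIR)/.config
	$(MAKE) -C $(SRC_DIR) ARCH=um -j$(JOBS) linux

clean:
	$(MAKE) -C $(SRC_DIR) ARCH=um clean

distclean:
	rm -rf $(SRC_DIR) $(KERNEL_TARBALL)
```

Run as `make KERNEL_VERSION=<version> KERNEL_SHA256=<hash>`; the resulting `linux-<version>/linux` binary is the UML kernel you can then boot against a disk image.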