On Mon, Feb 17, 2020 at 2:24 PM Nikos Chantziaras <realnc@×××××.com> wrote:
>
> On 17/02/2020 21:05, Rich Freeman wrote:
> > I wouldn't use a chroot for anything at this point - anything you can
> > do with one you can do just as easily with a container, with more
> > separation. They're just as easy to set up as well - I personally use
> > nspawn to run my containers but I'm sure lxc is almost as simple and
> > of course it doesn't require running systemd.
>
> nspawn seems very nice indeed. Haven't used it before, and that's simply
> because I never heard of it :-) Now that I did, it looks like it's what
> I'll be using from now on:
>
> https://wiki.archlinux.org/index.php/Systemd-nspawn
|
Well, if you decide to play with it I'll offer up:
https://rich0gentoo.wordpress.com/2014/07/14/quick-systemd-nspawn-guide/
|
That, and:
ExecStart=/usr/bin/systemd-nspawn --quiet --keep-unit --boot \
    --link-journal=guest --directory=/path/to/container/root \
    --network-bridge=<brname>
KillMode=mixed
Type=notify
|
Though, if I didn't already have this recipe handy I'd be using nspawn
units I suppose. Oh, this does require a bridge for your networking.
If you're using KVM you probably already have one set up - the
approach is identical.
|
Rich |
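
Added example, not part of the original message and not code from systemd: a small Python audit that parses a service unit shaped like the recipe above and reports which separation-related options its systemd-nspawn command line actually sets. The sample unit is constructed (the [Service] header and the bridge name br0 are assumptions), and parse_service and audit are hypothetical helper names.

```python
import re
import shlex

# Constructed sample: the post's recipe with an assumed bridge name (br0).
SAMPLE_UNIT = """\
[Service]
ExecStart=/usr/bin/systemd-nspawn --quiet --keep-unit --boot \\
    --link-journal=guest --directory=/path/to/container/root \\
    --network-bridge=br0
KillMode=mixed
Type=notify
"""

def parse_service(unit_text):
    """Return (directives, nspawn_options) parsed from a unit file's text."""
    # systemd joins a line ending in a backslash with the line after it.
    joined = re.sub(r"\\\n\s*", " ", unit_text)
    directives = {}
    for line in map(str.strip, joined.splitlines()):
        if "=" in line and not line.startswith(("#", ";", "[")):
            key, _, value = line.partition("=")
            directives[key.strip()] = value.strip()
    options = {}
    for arg in shlex.split(directives.get("ExecStart", ""))[1:]:
        name, _, value = arg.partition("=")
        options[name] = value
    return directives, options

def audit(unit_text):
    """List separation-relevant observations about an nspawn service unit."""
    directives, opts = parse_service(unit_text)
    notes = []
    bridge = opts.get("--network-bridge", "")
    if not bridge or bridge.startswith("<"):
        notes.append("bridge-unset")  # missing, or placeholder never filled in
    # --network-bridge implies --network-veth, which implies --private-network.
    if not any(o in opts for o in ("--private-network", "--network-veth", "--network-bridge")):
        notes.append("shares-host-network")
    # With user namespacing off (the default), container UID 0 is host UID 0.
    userns = "-U" in opts or opts.get("--private-users", "no") not in ("no", "false", "off", "0")
    if not userns:
        notes.append("no-user-namespace")
    for key, want in (("KillMode", "mixed"), ("Type", "notify")):
        if directives.get(key) != want:
            notes.append(key + "-differs-from-recipe")
    return notes

if __name__ == "__main__":
    print(audit(SAMPLE_UNIT))
```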