> When instead, the real problem is that people's applications should be able to run in-place without having to take control of the entire operating system.

We have plenty of mechanisms - including cgroups - that allow you to achieve that.

What containerisation solutions solve is providing a convenient build and packaging solution that includes a decent level of isolation including preventing state from polluting the surrounding system.

The biggest problem is not lack of isolation mechanisms, but that most developers have no clue they even exist.

Try to get the average Linux developer to tell you what seccomp is, for example, and if they know what it is, try to get them to tell you how to use it [1]. There's plenty of room for innovation here, and plenty of room for more different solutions, but the biggest problem they will need to solve is how to make these mechanisms easy enough to use.

[1] An example here: http://blog.viraptor.info/post/seccomp-sandboxes-and-memcach...
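As an added example of the seccomp usage the comment above refers to (this is not the commenter's code and not from the linked post), here is a minimal seccomp-bpf filter in C. It assumes a Linux kernel with CONFIG_SECCOMP_FILTER on x86_64 or aarch64 and glibc; the choice of `mkdir`/`mkdirat` as the syscalls to deny is arbitrary, picked only because the effect is easy to observe from userspace without killing the process. The filter checks the architecture first (a filter that matches syscall numbers without that check can be bypassed via a different ABI), sets `PR_SET_NO_NEW_PRIVS` as the kernel requires for unprivileged callers, and uses `SECCOMP_RET_ERRNO` so a denied call returns `EPERM` instead of terminating the process.

```c
#include <errno.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Assumption: the demo only supports these two ABIs; any other arch is rejected. */
#if defined(__x86_64__)
#define DEMO_AUDIT_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define DEMO_AUDIT_ARCH AUDIT_ARCH_AARCH64
#else
#error "unsupported architecture for this seccomp example"
#endif

/* Older kernel headers only know SECCOMP_RET_KILL (thread-level kill). */
#ifndef SECCOMP_RET_KILL_PROCESS
#define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL
#endif

#define DENY_WITH_EPERM BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA))

/* Install a filter that denies mkdir/mkdirat with EPERM and allows everything else.
 * Returns 0 on success, -1 (with errno set) if the kernel refuses the filter. */
static int install_filter(void)
{
    struct sock_filter filter[] = {
        /* 1. Load the audit arch and kill the process if it is not the one we built for. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, DEMO_AUDIT_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
        /* 2. Load the syscall number and compare against the deny list. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
#ifdef __NR_mkdir /* x86_64 has a legacy mkdir; aarch64 only has mkdirat */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_mkdir, 0, 1),
        DENY_WITH_EPERM,
#endif
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_mkdirat, 0, 1),
        DENY_WITH_EPERM,
        /* 3. Default: allow. */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = {
        .len = (unsigned short)(sizeof(filter) / sizeof(filter[0])),
        .filter = filter,
    };

    /* Required for unprivileged processes; also prevents the filter from being
     * used to confuse setuid binaries spawned later. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0)
        return -1;
    return 0;
}

/* Returns 1 if a syscall outside the deny list still works under the filter. */
static int allowed_syscall_ok(void)
{
    return getpid() > 0 ? 1 : 0;
}

/* Attempts mkdir under the filter and returns the errno it produces (EPERM expected).
 * The path is a constructed sample; with the filter in place nothing is created. */
static int blocked_mkdir_errno(void)
{
    const char *path = "/tmp/seccomp-demo-should-not-exist";
    errno = 0;
    if (mkdir(path, 0700) == 0) {
        rmdir(path); /* filter absent or ineffective: clean up and report success */
        return 0;
    }
    return errno;
}

int main(void)
{
    if (install_filter() != 0) {
        perror("seccomp filter install failed");
        return 1;
    }
    printf("getpid() under filter: %ld\n", (long)getpid());
    int e = blocked_mkdir_errno();
    printf("mkdir under filter: errno=%d (%s)\n", e, strerror(e));
    return e == EPERM ? 0 : 1;
}
```

Once installed the filter cannot be removed from the process and is inherited by children, which is the property that makes it useful as a sandbox primitive; it also means any library the program later loads that happens to call a denied syscall will see EPERM rather than a crash, which is exactly the "how do I actually use it" problem the comment is pointing at.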
