
Study container runtime alternatives to podman

Open troglobit opened this issue 2 months ago • 1 comments

Investigate possibility of replacing podman with something closer to our core values of immutability, security, and usability.

At the time of this, 2025-10-06:

  • AppTainer — "Secure. Portable. Encryptable."
  • Lilypod — "a simple[^1] container manager"
  • Incus — Continuation of the lxd project, which was the high-level tool for lxc, but with OCI support, aimed at system containers. See also https://linuxcontainers.org/incus-os/introduction/

[^1]: Note, no seccomp, no cgroups, no capabilities. For more information on this, see these notes. However, these are properties that we could add to Finit services and benefit from with regular system services as well 🤔

troglobit, Oct 06 '25 11:10

CCB:

Requirement: Being able to run from a Squash or EROFS (immutable image)

Pick up this work in ~Jan timeframe

wkz, Oct 20 '25 08:10