this post was submitted on 14 Nov 2024
50 points (75.5% liked)

Linux

48375 readers
1412 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 8 points 1 week ago (1 children)

You're comparing apples to oranges. One is a declarative Linux system environment creation solution and the other a daemon that starts sub-system environments using Linux namespaces.

You could in theory use NixOS to define a system environment that you'd run inside of a docker container. It's a bit harder to get systemd running inside of Docker which NixOS heavily relies on but that's beside the point. Easier integrations exist for LXD and systemd-nspawn which actually fulfil an equivalent purpose to Docker. The single component that is most comparable to Docker in a typical NixOS deployment would arguably be its init process (systemd), though its use extends far beyond setting up the namespace (the root namespace in this case).

[–] [email protected] 3 points 1 week ago (2 children)

As I understand it, the problem that both Nix and Docker try to solve is "How do I bundle and run this application in such a way that its dependencies are explicitly specified and don't interfere with anything installed on the host system".

They have different approaches, but I think that goal is the same?

[–] [email protected] 2 points 1 week ago

That's Nix, not NixOS.

I also wouldn't be too sure on that "explicit" part for Docker. It's somewhat isolated, sure, but everything but explicit: you can download arbitrary data from wherever you like.

[–] [email protected] 1 points 1 week ago (1 children)

No, containers further isolate the network and hardware interaction of the process etc

[–] [email protected] 3 points 1 week ago (1 children)

Unless it has changed recently, Docker is not intended to be a security layer as far as I know.