mick.crane wrote:
> On 2023-05-22 20:10, Dan Ritter wrote:
> > mick.crane wrote:
> > > This is a request for best practice, perceived knowledge.
> >
> > Try KVM/QEMU, which is available via the libvirt tools; the
> > primary graphical interface is virt-manager, and the primary CLI
> > is virsh.
> >
> > -dsr-
>
> This is like a "container" using the kernel from debian installation ?

Let's look at the landscape of partitioning, from least separated to most.

a program running as root

a program running as a shared user

a program that starts as root and then drops capabilities to run as a dedicated user

a program running as a dedicated user

a program running as a dedicated user in a chroot jail

a program running in a container
  [uses the kernel namespaces feature to keep separation for filesystem, network access, CPUs]

a program running in a paravirtualized machine
  [OS calls are wrapped and passed through]

a program running in an emulated machine
  [everything is emulated]

libvirt can manage containers, paravirtualized machines, and emulated machines. KVM/QEMU can handle the latter two.

-dsr-
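
An added example, not part of the message above: a small Python check that places a Linux process on this ladder from data the kernel already exposes (`Uid` and `CapEff` in `/proc/<pid>/status`, the `/proc/<pid>/ns/*` links, and the x86 `hypervisor` CPU flag). The function names are hypothetical, and the sample status text and namespace identifiers are constructed rather than captured from a real host.

```python
import re

# Constructed samples in the format of /proc/<pid>/status and /proc/<pid>/ns/* links.
STATUS_ROOT = "Name:\tdaemon\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n"
# CapEff 0x400 is bit 10, CAP_NET_BIND_SERVICE: started as root, kept one capability.
STATUS_DROPPED = "Name:\tdaemon\nUid:\t998\t998\t998\t998\nCapEff:\t0000000000000400\n"
STATUS_USER = "Name:\tdaemon\nUid:\t998\t998\t998\t998\nCapEff:\t0000000000000000\n"
NS_HOST = {"mnt": "mnt:[4026531840]", "net": "net:[4026531992]", "pid": "pid:[4026531836]"}
NS_CONTAINER = {"mnt": "mnt:[4026532512]", "net": "net:[4026532515]", "pid": "pid:[4026532513]"}


def parse_status(text):
    """Return (effective uid, effective capability mask) from status text."""
    uid = re.search(r"^Uid:\s+\d+\s+(\d+)", text, re.M)
    cap = re.search(r"^CapEff:\s+([0-9a-fA-F]+)", text, re.M)
    return int(uid.group(1)), int(cap.group(1), 16)


def unshared(proc_ns, init_ns):
    """Namespace types whose identifier differs from the one PID 1 uses."""
    return sorted(k for k in proc_ns if proc_ns[k] != init_ns.get(k))


def describe(status, proc_ns, init_ns, cpu_flags=""):
    """Summarise privilege, namespace separation and virtualization for one process."""
    euid, caps = parse_status(status)
    if euid == 0:
        who = "root"
    elif caps:
        who = "non-root user retaining capabilities"
    else:
        who = "unprivileged user"
    diff = unshared(proc_ns, init_ns)
    where = "container-style namespaces: " + ",".join(diff) if diff else "host namespaces"
    # The flag marks a guest but cannot tell paravirtualized from fully emulated.
    machine = "virtual machine" if "hypervisor" in cpu_flags.split() else "no hypervisor flag"
    return who, where, machine


if __name__ == "__main__":
    print(describe(STATUS_ROOT, NS_HOST, NS_HOST))
    print(describe(STATUS_DROPPED, NS_HOST, NS_HOST))
    print(describe(STATUS_USER, NS_CONTAINER, NS_HOST, "fpu vme hypervisor"))
```

On a live system the inputs come from reading `/proc/<pid>/status`, calling `os.readlink()` on the entries under `/proc/<pid>/ns/`, and the `flags` line of `/proc/cpuinfo`; reading another user's namespace links normally requires root.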