why do you need the isolation properties of containers in the first place? Why not just run in a chroot?
Docker containers are about more than isolation, they're also packaging. In my case, I already have a docker-compose.yaml with five services; adding another program as a chroot instead of a sixth service would significantly increase the installation complexity.
I do agree with you that mounting the Docker socket should never be recommended on a tutorial.
Right, there is a tooling argument. My point was that you can get most of the packaging with just chroot -- images are just tar archives at the end of the day.
But I might be biased given that while I've worked on both runtimes and image tools, runtimes have a lot more interesting problems so I tend to focus more on them when discussing the benefits of containers. :P
Docker containers are about more than isolation, they're also packaging. In my case, I already have a docker-compose.yaml with five services; adding another program as a chroot instead of a sixth service would significantly increase the installation complexity.
I do agree with you that mounting the Docker socket should never be recommended on a tutorial.