Indeed the docker revolution was the Dockerfile and container images: the latter a convenient way to store and share container binaries and the former a convenient way to define recipes for the latter.<p>This is also what they are trying to do with wasm and what (in part) GitHub did with git: creating a developer ecosystem.
But containers are not just chroot + marketing. Some containers offer real security advantages not found with using straight-up chroot. I would agree that the __basis__ of containers is chroot, however.<p>Any search of "chroot vs docker" or "chroot vs lxc" will immediately show that there are <i>some</i> attempts made to isolate the container from the host.<p>But I will say that I use docker images on a regular basis in chroots for the simple fact that I don't have to wait for debootstrap (or similar) to build a chroot for me.
Author here. Containers always seemed a little magical to me. So I dug into how they work and then built a “container runtime” that only uses the change root syscall (which has been in UNIX since the 70s).<p>This was not only fun, but took away a bit of the magic, so I could better understand what’s going on when I use real containers.<p>Let me know what you think!
My understanding is that chroot can be escaped, and containers prevent that. Am I misinformed?<p>My view is that VMs, Containers, WASM and all the other things of that sort are just efforts to patch the lack of capability based security in the Unix/Linux/Windows OS model.
> One new possibility that seems exciting to me is building native OS X containers based on chroot<p>I'd actually like to see macOS support BSD jails.