

Add ability to run VMs in containers in Cloudron via Sysbox



  • Please add ability for Apps to be packaged with not only runc but sysbox-runc as well.

    This is awesome, and lets one run full machine images in docker containers, fast, rootless, secure.

    How would you like to run the latest Ubuntu image in a container inside Cloudron?

    https://blog.nestybox.com/2020/10/06/related-tech-comparison.html

    Since I'm all into emerging technologies, they were also invited to give a talk at my meetup, https://BayLISA.org
    ..and everyone loved it.

    One can run a full OS in a container now with no performance loss!

    The one change to Cloudron that would be required is a single line for when docker launches a container to include a different --runtime

    This would also allow for Cloudron in Cloudron (CinC) as well as a properly secure Docker in Docker (DinD). (Inception)

    These are the requirements, which all Cloudrons already have: https://github.com/nestybox/sysbox-ee/blob/master/docs/distro-compat.md


  • App Dev

    @robi said in Add new OCI container runtime - Sysbox:

    One can run a full OS in a container now!

    Can you already technically do this? Even without root, one can get X11, browsers, etc etc etc in docker - am I missing something here?



  • @murgero yes, you are missing a lot. read the blog 😛

    Containers were designed for apps.

    Sysbox is designed for more than apps.

    It's significant.



  • @mehdi said in Why do we have to push an image to a registry?:

    https://git.cloudron.io/cloudron/box/-/commit/546e38132510e29792323a9947ac7cdf9aa55c98

    The patch is in a commit in the master branch, so it will be in the next release 🙂

    I only realized that after I added the patch cause I had to copy and paste from master code. I just got confused because he said "patch" - but I'm happy this is in master. I know you're a developer so it could help you too in the right scenario. And IIRC, you are one of the few that knows how to work with box code.



  • Can't wait for Sysbox integration so you can have a dev cloudron running on any prod Cloudron in a container, completely isolated.



  • @robi said in Why do we have to push an image to a registry?:

    Can't wait for Sysbox integration so you can have a dev cloudron running on any prod Cloudron in a container, completely isolated.

    What, you're kidding me, that would help so much with box code changes. I've been making all of my box code changes in ssh via nano and...well, that method leaves something to be desired with how many changes all the files went through.

    Is this "Sysbox integration" planned? Still not sure exactly what Sysbox is, but if it allows me to contribute more easily to Cloudron box code, I'M INNNN!!!



  • Yes, I posted about it.


  • App Dev

    It is not planned, I believe, as the devs have not given their opinion in the matter.

    Also, one could technically already create a Cloudron-in-cloudron app today. The limit is not the containers, as you can run docker-in-docker. The limit is that it would be an infrastructure nightmare, like which cloudron should expose which ports on the main public IP, and such. Sysbox would not help at all in this matter.


  • App Dev

    I do not think Cloudron should move to Sysbox.

    • It is not necessary for cloudron apps to run "full systems" instead of just an app inside the container. I do not see any use case for this.
    • ~350 github stars vs ~7300 => it's less maintained, there's less community: let's stick to the regular runc everyone uses, it will be easier to solve problems when they arise


  • @mehdi said in Add ability to run VMs in containers in Cloudron via Sysbox:

    The limit is that it would be an infrastructure nightmare, like which cloudron should expose which ports on the main public IP, and such.

    Well, running Cloudron inside of Cloudron as an app would just massively speed up development. That would be my only reason, so I wouldn't care at all about security. Just development speed.



  • @robi What does sysbox allow for beyond @mehdi's suggestion of just adjusting Cloudron itself into having the ability to be inside its own container - which for me would allow for box code contributions to use the same development flow as my app development flow - so I'd contribute more to the project, given it is open-source.

    I don't think I'd need something like Sysbox if that's all I want it for, right?



  • Yeah, I reread this and I see sysbox as just being needless overhead when Cloudron can just be adapted as an app (to easier develop on, if the developers ever alright that). Reminds me of the whole "you can only emulate the Apple OS on Apple Hardware" thing. But it would be cool if I could alter Cloudron a little bit to give it the ability to run inside another Cloudron. The dev benefits alone, so much more speedy for box changes. At least for external contributors. I don't have a build flow for box so if we're ever able to use our normal cloudron update for it, I'll be contributing a lot more to this project with feature forks.

