github.com/ggreg80/ketos@v0.0.0-20171109040536-049616f51ddb/docs/questions.md

github.com/ggreg80/ketos@v0.0.0-20171109040536-049616f51ddb/docs/questions.md (about)

     1  questions need to be dig deeper
     2  ----
     3  
     4  * Which ACI, OCI or docker image builder projects use `--privileged` mode, how sure, and is there any one doesn't use it?
     5  	* rkt/rkt
     6  	* containers/build
     7  	* projectatomic/buildah
     8  	* sgotti/baci
     9  	* blablacar/dgr
    10  * What's the current relationship and state between ACI, OCI and docker image.
    11  	* https://github.com/appc/spec#-disclaimer-
    12  * When dig in, lots of languages using libc to affect with kernel, but golang not. see [my ask](https://goo.gl/S4KJse), and the talk at [Hacker News](https://goo.gl/bFysCw) and the [relative article](https://goo.gl/1XmwtC)
    13  	* Golang execution [design document](https://goo.gl/UY4vDB)
    14  	* the golang may wanna implement everything in golang, the runtime is in golang since 1.5 see [here](https://www.infoq.com/news/2015/08/go-1-5).
    15  		* dig deeper if the runtime of rust-lang implemented in c or rust, and is rust based syscall or libc.
    16  * Why need manage `/dev` folder when docker create a container.
    17  * A brief comparison between overlayfs and aufs, and the relationship to docker storage driver
    18  	* The differences between docker overlay and overlay2 storage driver
    19  	* The brief history of other unionfs, devicemapper, btrfs and zfs
    20  	* How does docker unionfs read and write, the io costs.
    21  	* [Some old documents](https://git.io/vd17o) about docker storage driver
    22  
    23  * Using ptrace to solve golang-skipping-libc problem, and benchmark each solution, ptrace and libc `LD_PRELOAD`.
    24  	* [strace in 60 lines of go](https://hackernoon.com/strace-in-60-lines-of-go-b4b76e3ecd64)
    25  	* [write yourself an strace in 70 lines of code](https://blog.nelhage.com/2010/08/write-yourself-an-strace-in-70-lines-of-code/)
    26  	* [brief comparison between ptrace and `LD_PRELOAD`](https://fakeroot-ng.lingnu.com/index.php/Home_Page#Technical_differences_between_Fakeroot_and_Fakeroot-ng)
    27  	* projects comparison fakeroot-ng vs fakeroot and fakechroot vs proot
    28  	* ptrace syscall leaks some security problems. see CVE-2014-4699 and CVE-2016-5195 in [article](https://docs.docker.com/engine/security/non-events/).
    29  	* here is another [issue of seccomp with ptrace allowed](https://blog.lizzie.io/linux-containers-in-500-loc.html#fn.51)
    30  
    31  * How does `LD_PRELOAD` work.
    32  	* Will it work with golang `os/exec` pkg, yes.
    33  	* Is it under POSIX definition, no.
    34  	* more detail in ld.so man page.
    35  
    36  * When docker image format will be replaced by OCI image format.
    37  * How does `docker create` mount docker image and create a container.
    38  * Some combination of outer docker daemon storage driver and inner storage driver [doesn't work](https://goo.gl/cjKAUs), research the reason. The storage driver compatible matrix is [here](https://goo.gl/Me7EFF), and other information for choosing storage driver on the same page.
    39  
    40  * Some guys said glibc can't be statically linked. dig the reason
    41  	* Statically link libc will cause porting problem, if glibc is too big, uClibc or musl is a replicaing solution for some situation.