You can bind your application to 127.0.0.2 for one container and to 127.0.0.3 for another container. Both can listen on port 80 and both can communicate with each other. And you can run another container, binding to 1.2.3.4:80 and using it as reverse-router. You can use iptables/nftables to prevent undesired connections and manually (or with some scripting) crafted /etc/hosts for named hosts to point to those loopback addresses. Or just DNS server. It's all doable.

The only thing that you need is the ability to configure a target application to choose address to bind to. But any sane application have that configuration knob.

Of course things are much easier with network namespaces, but you can go pretty far with host network (and I'd say it might be easier to understand and manage).

Process isolation is more about load management/balancing, which is more of a production concern than a development one.

[dead]

We called it "VMware".

The short answer is docker concentrated on files, whereas other VM oriented tech concentrated on block devices.

Dockers is conceptually simpler for devs and the layer use case but has huge performance issues which is why it never went anywhere for non-docker classic IT type use cases.

Containerd/nerdctl supports a number of snapshotter plugins: Nydus, e Stargz, SOCI: Seekable OCI, fuse-overlayfs;

containerd/stargz-snapshotter: https://github.com/containerd/stargz-snapshotter

containerd/nerdctl//docs/nydus.md: https://github.com/containerd/nerdctl/blob/main/docs/nydus.m... :

nydusify and Check Nydus image: https://github.com/dragonflyoss/nydus/blob/master/docs/nydus... :

> Nydusify provides a checker to validate Nydus image, the checklist includes image manifest, Nydus bootstrap, file metadata, and data consistency in rootfs with the original OCI image. Meanwhile, the checker dumps OCI & Nydus image information to output (default) directory.

nydus: https://github.com/dragonflyoss/nydus

awslabs/soci-snapshotter: https://github.com/awslabs/soci-snapshotter ; lazy start standard OCI images

/? lxc copy on write: https://www.google.com/search?q=lxc+copy+on+write : lxc-copy supports btrfs, zfs, lvm, overlayfs

lxc/incus: "Add OCI image support" https://github.com/lxc/incus/issues/908

opencontainers/image-spec; OCI Image spec: https://github.com/opencontainers/image-spec

opencontainers/distribution-spec; OCI Image distribution spec: https://github.com/opencontainers/distribution-spec

But then in the

opencontainers/runtime-spec//config.md OCI runtime spec TODO bundle config.json there is an example of a config.json https://github.com/opencontainers/runtime-spec/blob/main/con...

The LXC approach is to run systemd in the container.

The quadlet approach is to not run systemd /sbin/init in the container; instead create .container files in /etc/containers/systemd/ (rootful) or ~/.config/containers/systemd/*.container (for rootless) so that the host systemd manages and logs the container processes.

Then realized you said QEMU not LXC.

LXD: https://canonical.com/lxd :

> LXD provides both [QEMU,] KVM-based VMs and system containers based on LXC – that can run a full Linux OS – in a single open source virtualisation platform. LXD has numerous built-in management features, including live migration, snapshots, resource restrictions, projects and profiles, and governs the interaction with various storage and networking options.

From https://documentation.ubuntu.com/lxd/latest/reference/storag... :

> LXD supports the following storage drivers for storing images, instances and custom volumes:

> Btrfs, CephFS, Ceph Object, Ceph RBD, Dell PowerFlex, Pure Storage, HPE Alletra, Directory, LVM, ZFS

You can run Podman or Docker within an LXD host; with or without a backing storage pool. FWIU it's possible for containers in an LXD VM to use BTRFS, ZFS, or KVM storage drivers to create e.g. BTRFS subvolumes instead of running overlayfs within the VM by editing storage.conf.