Question about the Additional Feature of Pouch: Strong Isolation

[gaocegege]

Issue Description

There is one additional feature of Pouch in the faq.md:

• strong isolation: Pouch can create a VM with hypervisor technology via runV and clearcontainer

AFAIK, runV(with Frakti) and clear containers are OCI-compatible and CRI-O-compatible, then they could work seamlessly with both Docker and Kubernetes.

Then why does Pouch list it as a additional feature compared to Docker? Or is it a comparison between Pouch and native Docker without runV/clearcontainers?

I'd appreciate it.

Describe what happened:

Nothing

Describe what you expected to happen:

Nothing

How to reproduce it (as minimally and precisely as possible):

Nothing

Anything else we need to know?:

Nothing

[allencloud]

AFAIK, runV(with Frakti) and clear containers are OCI-compatible and CRI-O-compatible, then they could work seamlessly with both Docker and Kubernetes.

What you said is right. This strong isolation will rely on runV/clearcontainer, but beyond runV/clearcontainer. From my point of view, runv/clearcontainer did a lot of great work on integration qemu and minikernel and images. We take advantages of that functionality. However in underlying implementation, we differentiate in many ways. For with more light-weighted hypervisor to skip bios or UEFI. And this is related to isolation and performance.

[gaocegege]

Thanks for your explanation, I will take a look at the code :=)

[allencloud]

We will add this part soon.

[gaocegege]

Looking forward to it :)