Back into an OCI image? I don’t know if lxc can do that, but podman can. I think it is podman save that allows you to save your current container as an image. Or, even better would be to use buildah. With buildah your expected workflow is to kind of run a container, run a script against that container, then save it at the end. In fact I’m specifically thinking of images I’ve created with buildah as being almost completely useless with this LXC technique. I’ve used the RHEL UBI micro image before and it doesn’t even have a package manager. You actually mount the container to the host and use the host’s package manager to install what is needed and then unmount it to save. It makes a super slim image with as little attack surface as possible.
With buildah you can take it even farther and build a container “from scratch.” So, no packages at all. Then use your package manager to install the bare minimum to get things done.
Actually, I could see myself using this for development if there were an easy way to package it back into a container image.
Back into an OCI image? I don’t know if lxc can do that, but podman can. I think it is
podman savethat allows you to save your current container as an image. Or, even better would be to use buildah. With buildah your expected workflow is to kind of run a container, run a script against that container, then save it at the end. In fact I’m specifically thinking of images I’ve created with buildah as being almost completely useless with this LXC technique. I’ve used the RHEL UBI micro image before and it doesn’t even have a package manager. You actually mount the container to the host and use the host’s package manager to install what is needed and then unmount it to save. It makes a super slim image with as little attack surface as possible.That last is interesting. I’m going to play with that some.
With buildah you can take it even farther and build a container “from scratch.” So, no packages at all. Then use your package manager to install the bare minimum to get things done.