55
Containers are chroot with a Marketing Budget
(earthly.dev)
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
You're comparing apples to oranges. One is a declarative Linux system environment creation solution and the other a daemon that starts sub-system environments using Linux namespaces.
You could in theory use NixOS to define a system environment that you'd run inside of a docker container. It's a bit harder to get systemd running inside of Docker which NixOS heavily relies on but that's beside the point. Easier integrations exist for LXD and systemd-nspawn which actually fulfil an equivalent purpose to Docker. The single component that is most comparable to Docker in a typical NixOS deployment would arguably be its init process (systemd), though its use extends far beyond setting up the namespace (the root namespace in this case).
As I understand it, the problem that both Nix and Docker try to solve is "How do I bundle and run this application in such a way that its dependencies are explicitly specified and don't interfere with anything installed on the host system".
They have different approaches, but I think that goal is the same?
That's Nix, not NixOS.
I also wouldn't be too sure on that "explicit" part for Docker. It's somewhat isolated, sure, but everything but explicit: you can download arbitrary data from wherever you like.
No, containers further isolate the network and hardware interaction of the process etc
Unless it has changed recently, Docker is not intended to be a security layer as far as I know.