Running a Container off the Host /usr/

[Tolkem]

Hi, everyone! Hope you're all having a nice life!
I just bumped into this while checking my feed https://0pointer.net/blog/running-an-container-off-the-host-usr.html And I thought I'd share.
An excerpt:

I develop system-level software as you might know. Oftentimes I want to run my development code on my PC but be reasonably sure it cannot destroy or otherwise negatively affect my host system. Now I could set up a container tree for that, and boot into that. But often I am too lazy for that, I don't want to bother with a slow package manager setting up a new OS tree for me. So here's what I often do instead — and this only works because of the /usr/-merge.

And here's the follow-up to the above post https://0pointer.net/blog/testing-my-system-code-in-usr-without-modifying-usr.html
Both posts are quite interesting. They deal on how to use systemd-nspawn to run software in "a light-weight namespace container." For more on systemd-nspawn read here and here
Both links contain basically the same info, but the second one from the amazing arch wiki has a few more, useful examples.

 

[dos2unix]

This looks a lot like podman.

 

[Tolkem]

This looks a lot like podman.

I don't know much about podman, I've only read a couple of things about it. I do know though, that it's fully compatible with docker. I did know about systemd-nspawn from before the posts I shared as I read about it in a Debian forum's post https://forums.debian.net/viewtopic.php?f=16&t=129390 and it's being around since 2016, at the very least. I believe podman is relatively newer, from around 2019.