Hello HN! I was bothered that no existing sandboxing solution can run my $job project, due to the limitations of running inside an OCI container, or some sort of limited process like landlock / bubblewrap etc. My options were spawning a new VM per worktree, which takes minutes to boot and allocates a chunk of RAM... or build a custom solution which uses just a single VM plus LXC containers -- the kind of containers with a full init system, capable of running systemd services, OCI containers and even full Kubernetes distributions.
So here it is. Fresh container start takes <10s. Works best with VSCode, which will neatly show changes from all worktrees in the sidebar, letting you review, edit and commit them easily. Let me know what you think!
Comments URL: https://news.ycombinator.com/item?id=47628034
Points: 2
# Comments: 1