
You are totally correct.

Let's take sshd for example: you would need to create a skeleton directory structure, /bin, /dev, /lib, etc. in your rootfs container, have /bin/bash, a whack of /libs, some /dev devices, and then your sshd application. So an extremely minimalistic rootfs with only the sshd requirements. You could find these by running 'lsof -p `pidof sshd`', maybe 'ldd /usr/sbin/sshd' (and all their dependencies) too, which quickly snowballs.

Hopefully this explains where I was going with that. Also, this is not a simple task, to try and strip off these services into self-contained entities. There are lots of hidden issues, like how do we handle logging? Should the container have syslog too? So, there is work that needs to happen; I just like the idea of not running a full-fledged OS in a container.
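
The staging procedure the comment above sketches (skeleton directories, the binary, and the libraries ldd reports), as an added example that is not code from the thread. It assumes a Linux host with ldd, awk and a GNU- or BSD-style cp -L; the root directory and binary paths passed to it are the caller's choice. Note that ldd already prints the transitive load-time closure, so the "snowball" it misses is what the process pulls in later via dlopen (PAM and NSS modules, config files), which is what the lsof check on a running process is for.

```shell
#!/bin/sh
# Stage a minimal rootfs for one dynamically linked service binary by
# following its shared-library dependencies with ldd(1).
# Added example, not from the thread. Run it as, for instance:
#   stage_rootfs /tmp/sshd-root /usr/sbin/sshd
set -eu

# Reduce ldd(1) output to the absolute library paths it names.
# ldd prints three shapes of line; the vDSO has no file on disk, and a
# "not found" entry means the binary will fail to load in the new root,
# so it is reported on stderr rather than silently dropped.
#   libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x...)
#   /lib64/ld-linux-x86-64.so.2 (0x...)
#   linux-vdso.so.1 (0x...)
parse_ldd_output() {
    awk '
        $2 == "=>" && $3 == "not" { print "missing: " $1 > "/dev/stderr"; next }
        $2 == "=>" && $3 ~ /^\//  { print $3; next }
        $1 ~ /^\//               { print $1 }
    ' | LC_ALL=C sort -u
}

# Libraries a binary needs at load time. ldd runs the dynamic loader on
# the file, so only use it on binaries you trust; for an untrusted file
# read the NEEDED entries with `readelf -d` instead.
deps_of() {
    ldd "$1" 2>/dev/null | parse_ldd_output
}

# Copy a file into $root at the same absolute path, following symlinks
# so the rootfs holds real files rather than links back to the host.
stage_file() {
    root=$1; src=$2
    mkdir -p "$root$(dirname "$src")"
    cp -L "$src" "$root$src"
}

# Create the skeleton directories and copy each binary plus its libraries.
# Device nodes under /dev (null, urandom, pts) still need mknod or a bind
# mount; that step needs root and is left to the caller.
stage_rootfs() {
    root=$1; shift
    for d in bin dev etc lib proc sys tmp var/log; do
        mkdir -p "$root/$d"
    done
    for bin in "$@"; do
        stage_file "$root" "$bin"
        for lib in $(deps_of "$bin"); do
            stage_file "$root" "$lib"
        done
    done
}
```

After staging, a quick sanity check is `chroot "$root" /usr/sbin/sshd -t` (sshd's config-test mode), which will surface the pieces ldd cannot see: the sshd_config, host keys, PAM and NSS modules, and the /dev nodes the daemon opens at runtime.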



This is solved by the union-based filesystem (AUFS) that Docker uses. You start with one minimal rootfs like you describe, given in the "base" image, then when you install sshd you get copy-on-write semantics. So the sshd container gets its own syslog files separate from any other container.

Your original comment talks about how long LXC has existed, but AUFS is one key component of Docker that became part of mainline Linux much more recently.


> AUFS ... became part of mainline Linux much more recently

AUFS is not part of mainline kernel. Many distros include it (Debian, Ubuntu). But some don't (Fedora).

http://en.wikipedia.org/wiki/Aufs



