The systemd-nspawn command runs a command or OS in a lightweight namespace container.
“In many ways it is similar to chroot(1), but more powerful since it fully virtualizes the file system hierarchy, as well as the process tree, the various IPC subsystems and the host and domain name.”
Trying it out (from the article):
$ systemd-nspawn -D debian-tree/ /bin/echo "hello, outside world!"
$ systemd-nspawn -D debian-tree/ /bin/bash
$ systemd-nspawn -D debian-tree/ /sbin/init
Some cool things you can do with systemd-nspawn:
“Execute this command on my root filesystem, but roll back any changes at the end”
“Run nginx inside its own container on boot, but limit it to 512 MB of RAM and 200% CPU”
“Give me a container that has its own private network and its own IP and MAC addresses, but map certain ports on the host to the container”
“Run this container with its own daemons in it, and monitor them to make sure they don’t fail”
“Download this container from the Docker Hub and run it every time I boot, but without installing Docker”
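As an added illustration (not code from the article or the systemd project), the POSIX shell helpers below do two things a practitioner wants before trying the scenarios above: they sanity-check that a directory tree is actually an OS root that nspawn will accept (nspawn refuses a tree with no os-release file), and they compose, without executing, the systemd-nspawn command line for the "roll back changes", "limit RAM/CPU" and "private network with port mapping" cases. The option names used (-x/--ephemeral, --property=, --network-veth, --port=) are real nspawn options; the scenario names, the 8080:80 mapping and the helper functions themselves are this example's own assumptions, and the printed commands must be run as root.

```shell
#!/bin/sh
# Added example, not part of the original notes. Assumes a systemd version that
# has --ephemeral, --property= and --port= (MemoryMax is the modern name of the
# memory limit; older systemd calls it MemoryLimit). Nothing here runs nspawn;
# it only validates a tree and prints the command you would run as root.

# systemd-nspawn refuses a directory that does not look like an OS root
# (missing os-release). Check that up front, plus that there is a shell to run.
# Returns 0 when the tree looks usable, 1 otherwise.
check_tree() {
    tree="$1"
    [ -d "$tree" ] || { echo "not a directory: $tree" >&2; return 1; }
    if [ ! -f "$tree/etc/os-release" ] && [ ! -f "$tree/usr/lib/os-release" ]; then
        echo "no os-release in $tree: nspawn will not treat it as an OS root" >&2
        return 1
    fi
    [ -x "$tree/bin/sh" ] || { echo "no executable /bin/sh in $tree" >&2; return 1; }
    return 0
}

# Compose (print, do not execute) the nspawn command for a named scenario.
# Usage: nspawn_cmd <ephemeral|limited|netns> <tree> [command...]
nspawn_cmd() {
    scenario="$1"; tree="$2"; shift 2
    case "$scenario" in
        # "execute this, but roll back any changes": -x runs on a snapshot
        # (btrfs) or a temporary copy of the tree that is removed on exit
        ephemeral)
            echo "systemd-nspawn -D $tree -x $*" ;;
        # "boot it, but cap it at 512 MB RAM and 200% CPU": --property= sets
        # cgroup properties on the scope unit nspawn creates for the machine
        limited)
            echo "systemd-nspawn -D $tree -b --property=MemoryMax=512M --property=CPUQuota=200% $*" ;;
        # "own network, but map host ports in": a veth pair gives the container
        # a private network; --port=host:container forwards host 8080 to 80
        netns)
            echo "systemd-nspawn -D $tree -b --network-veth --port=8080:80 $*" ;;
        *)
            echo "unknown scenario: $scenario" >&2; return 1 ;;
    esac
}

# Example run against a (constructed, empty) tree path: the check fails closed
# before any command is shown.
if [ -n "${NSPAWN_DEMO_TREE:-}" ]; then
    check_tree "$NSPAWN_DEMO_TREE" && nspawn_cmd ephemeral "$NSPAWN_DEMO_TREE" /bin/echo "hello, outside world!"
fi
```

The check mirrors what nspawn itself enforces, so a failure here is the same failure you would otherwise see at launch; keeping the command-composition separate from execution makes it easy to review the exact flags (resource caps, network isolation, port exposure) before handing them to root.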