In many cases, people want to start containers on a system where the administrator is not happy about granting privileges to users or installing any new software. For example, when I was a researcher and wanted to run Python 3 on a computing cluster, it was not possible to get the administrator to install Docker or Python 3.

In recent Linux kernels, it has been possible to create containers without any privileges. All that's missing is a container runtime that allows you to do this. LXC is close but falls short (it requires certain privileged processes and PAM modules for everything to work).

The current state of the work is available here. All of the basics work properly, but there are lots of unresolved things left to deal with (as well as lots of cleanup to be done). In addition, certain tools don't work as expected in a rootless container (such as anything that tries to use the Unix privilege model). So, I've started work on a tool to fix that issue as well.
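The kernel feature that makes unprivileged containers possible is the user namespace. The following is an added example, not code from this project: it enters a new user namespace as an ordinary user, maps container uid 0 to the caller, and then shows why tools that rely on the Unix privilege model misbehave, since switching to any unmapped uid fails with EINVAL. The names `write_file`, `format_idmap` and `rootless_demo` are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <linux/sched.h>   /* CLONE_NEWUSER */
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Write a short string to a /proc file; 0 on success, -1 on failure. */
static int write_file(const char *path, const char *s) {
    int fd = open(path, O_WRONLY);
    if (fd < 0) return -1;
    ssize_t n = write(fd, s, strlen(s));
    close(fd);
    return n == (ssize_t)strlen(s) ? 0 : -1;
}

/* One-line ID map: ID 0 inside the namespace -> the caller's ID outside. */
int format_idmap(char *buf, size_t len, unsigned outside_id) {
    return snprintf(buf, len, "0 %u 1\n", outside_id);
}

/* 0: became uid 0 in a new namespace and setuid() to an unmapped uid failed;
 * 1: user namespaces unavailable; 2: map setup refused; 3: unexpected. */
int rootless_demo(void) {
    pid_t pid = fork();        /* child only, so the caller is unaffected */
    if (pid < 0) return 3;
    if (pid == 0) {
        char map[32];
        uid_t uid = geteuid(); gid_t gid = getegid();
        if (syscall(SYS_unshare, CLONE_NEWUSER) != 0) _exit(1);
        /* Unprivileged callers must deny setgroups before writing gid_map. */
        write_file("/proc/self/setgroups", "deny");
        format_idmap(map, sizeof map, uid);
        if (write_file("/proc/self/uid_map", map) != 0) _exit(2);
        format_idmap(map, sizeof map, gid);
        if (write_file("/proc/self/gid_map", map) != 0) _exit(2);
        if (getuid() != 0) _exit(3);
        /* uid 1 has no mapping, so "drop to another user" cannot work. */
        _exit(setuid(1) == -1 && errno == EINVAL ? 0 : 3);
    }
    int st;
    if (waitpid(pid, &st, 0) < 0 || !WIFEXITED(st)) return 3;
    return WEXITSTATUS(st);
}

int main(void) { printf("rootless_demo() = %d\n", rootless_demo()); return 0; }
```

A return value of 1 usually means the host disables unprivileged user namespaces (by sysctl or a seccomp profile), which is worth checking before expecting any rootless runtime to work.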

I also would like to write some blog posts about all of this work.

Looking for hackers with the skills:

containers docker ptrace

This project is part of:

Hack Week 14
