In many cases, people want to start containers on a system where the administrator is not happy about granting privileges to users or installing any new software. For example, when I was a researcher and wanted to run Python 3 on a computing cluster, it was not possible to get the administrator to install Docker or Python 3.

In recent Linux kernels, it has been possible to create containers without any privileges. All that's missing is a container runtime that allows you to do this. LXC is close but falls short (it requires certain privileged processes and PAM modules for everything to work).

The current state of the work is available here. All of the basics work properly, but there are lots of unresolved things left to deal with (as well as lots of cleanup to be done). In addition, certain tools don't work as expected in a rootless container (such as anything that tries to use the Unix privilege model). So, I've started work on a tool to fix that issue as well.

I also would like to write some blog posts about all of this work.

Looking for mad skills in:

containers docker ptrace

This project is part of:

Hack Week 14

Activity

  • over 3 years ago: cyphar started Rootless Containers