In many cases, people want to start containers on a system where the administrator is not happy about granting privileges to users or installing any new software. For example, when I was a researcher and wanted to run Python 3 on a computing cluster, it was not possible to get the administrator to install Docker or Python 3.

In recent Linux kernels, it has been possible to create containers without any privileges. All that's missing is a container runtime that allows you to do this. LXC is close but falls short (it requires certain privileged processes and PAM modules for everything to work).

The current state of the work is available here. All of the basics work properly, but there are lots of unresolved things left to deal with (as well as lots of cleanup to be done). In addition, certain tools don't work as expected in a rootless container (such as anything that tries to use the Unix privilege model). So, I've started work on a tool to fix that issue as well.

I also would like to write some blog posts about all of this work.

Looking for hackers with the skills:

containers docker ptrace

This project is part of:

Hack Week 14

Activity

  • about 6 years ago: cyphar added keyword "containers" to this project.
  • about 6 years ago: cyphar added keyword "docker" to this project.
  • about 6 years ago: cyphar added keyword "ptrace" to this project.
  • about 6 years ago: cyphar liked this project.
  • about 6 years ago: cyphar started this project.
  • about 6 years ago: cyphar originated this project.
