In many cases, people want to start containers on a system where the administrator is not happy about granting privileges to users or installing any new software. For example, when I was a researcher and wanted to run Python 3 on a computing cluster it was not possible to get the administrator to install Docker or Python 3.
In recent Linux kernels, it has been possible to create containers without any privileges. All that's missing is a container runtime that allows you to do this. LXC is close but falls short (it requires certain privileged processes and PAM modules for everything to work).
The current state of the work is available here. All of the basics work properly, but there's lots of unresolved things left to deal with (as well as lots of cleanup to be done). In addition, certain tools don't work as expected in a rootless container (such as anything that tries to use the unix privilege model). So, I've started work on a tool to fix that issue as well.
I also would like to write some blog posts about all of this work.
Looking for hackers with the skills:
This project is part of:
Hack Week 14
Activity
Comments
Be the first to comment!
Similar Projects
Hangar: tool for mirror container images & generate rancher image lists. by StarryWang
Project Description
Hangar is a tool for ...
Predefined app security policy template for NeuVector by feih
Project Description
Idea is to predefin...
Containerized home mirror by lkocman
I'm running a simple home mirror, but I managed...
Exploring DPDK within containers by paolodepa
Project Description
Containerization is h...
Forklift - Text based GUI utility for dealing with containers by andreabenini
[comment]: # (Please use the project descriptio...
Forklift - Text based GUI utility for dealing with containers by andreabenini
[comment]: # (Please use the project descriptio...
A set of utilities to produce a "from scratch" OCI/Docker container using Opensuse/SLE rpms by ldragon
[comment]: # (Please use the project descriptio...
Serving web pages for a registered domain from a container behind proxy by tjyrinki_suse
Project description
For example Nginx pro...