cyphar

cyphar

Docker: Image Rebasing

an invention by cyphar

git rebase is a very useful construct in source control management, as it allows you to re-apply your changes atop a different branch of the same repository. While this concept transitions perfectly to container management (updating a container could be as easy as a docker rebase), and the Docker client is inspired by the git semantics, Docker has no such feature (in fact, Solomon Hykes used rebase and merge as examples of things "that we don't want"). Currently, zypper-docker works by applying an updated layer on top of an existing image. While this does work quite well, it separates the process of updating the base image and updating all of your derivative images (you need to re-download new packages for each derivative image).

Updated over 5 years ago. 4 hacker ♥️.

Add PIDs cgroup support to runC and Docker

an invention by cyphar

Currently, dealing with forkbombs and similar issues with Docker and runC is not very nice (you have to set a global limit for all Docker processes or you have to limit kernel memory which isn't very practical). I'm going to work on getting [some][1] [patches][2] merged into runC and Docker to enable PIDs support for Docker.

Updated over 5 years ago. 1 hackers ♥️.

Rootless Containers

an invention by cyphar

In many cases, people want to start containers on a system where the administrator is not happy about granting privileges to users or installing any new software. For example, when I was a researcher and wanted to run Python 3 on a computing cluster it was not possible to get the administrator to install Docker or Python 3.

Updated over 4 years ago. 1 hackers ♥️.

OCI Image Distribution with RPMs

a project by cyphar

Currently the Open Container Initiative doesn't specify a distribution protocol or system, and the current "standard" format is the Docker registry protocol. Aside from technical reservations with Docker registry, it is also not an OCI-compliant system and will require a lot of work to integrate it into all of the openSUSE/SUSE tooling.

Updated over 5 years ago. 3 hacker ♥️.

orca: build OCI images from Dockerfiles

a project by cyphar

Currently the main complaint people have about OCI tooling is the lack of a transition from Docker to OCI. With umoci you have a lot of low-level image configuration abilities, and skopeo and runC cover the other major parts of the picture, but you need something to tie them together.

Updated over 5 years ago. 1 hackers ♥️.

libpathrs

a project by cyphar

The plan is to implement a safe path resolution library for Linux to avoid the plentiful numbers of security vulnerabilities that have been seen in the wild related to path resolution race conditions and various other attacks. I've been working on kernel-space solutions but even if they were merged, it is difficult to use them safely directly. So this library intends to provide simple wrappers that everyone can use.

Updated over 5 years ago. 1 hackers ♥️. 1 follower.

paperback

a project by cyphar

Very often people find themselves wanting to store secrets in a way that either they can recover even if (for instance) their house burns down, or allow friends and family to recover if they pass away. Existing solutions to this problem are:

Updated almost 5 years ago. 1 hackers ♥️. 1 follower.
7
7
1
6

Looking for projects around:

Nothing at the moment

Activity

  • almost 5 years ago: cyphar started paperback
  • almost 5 years ago: cyphar originated paperback
  • over 5 years ago: cyphar liked libpathrs
  • over 5 years ago: cyphar added keyword "security" to libpathrs
  • over 5 years ago: cyphar added keyword "filesystem" to libpathrs
  • over 5 years ago: cyphar added keyword "rust" to libpathrs
  • over 5 years ago: cyphar started libpathrs
  • over 5 years ago: cyphar originated libpathrs
  • over 7 years ago: cyphar liked orca: build OCI images from Dockerfiles
  • over 7 years ago: cyphar started orca: build OCI images from Dockerfiles
  • over 7 years ago: cyphar originated orca: build OCI images from Dockerfiles
  • almost 8 years ago: cyphar added keyword "rpm" to OCI Image Distribution with RPMs
  • almost 8 years ago: cyphar added keyword "packaging" to OCI Image Distribution with RPMs
  • almost 8 years ago: cyphar added keyword "containers" to OCI Image Distribution with RPMs
  • almost 8 years ago: cyphar started OCI Image Distribution with RPMs
  • almost 8 years ago: cyphar liked OCI Image Distribution with RPMs
  • almost 8 years ago: cyphar originated OCI Image Distribution with RPMs
  • over 8 years ago: cyphar added keyword "containers" to Rootless Containers
  • over 8 years ago: cyphar added keyword "docker" to Rootless Containers
  • over 8 years ago: cyphar added keyword "ptrace" to Rootless Containers
  • over 8 years ago: cyphar liked Rootless Containers
  • over 8 years ago: cyphar started Rootless Containers
  • over 8 years ago: cyphar originated Rootless Containers
  • almost 9 years ago: cyphar added keyword "docker" to Add PIDs cgroup support to runC and Docker
  • almost 9 years ago: cyphar added keyword "runc" to Add PIDs cgroup support to runC and Docker
  • All Activity