Docker in UserModeLinux in Docker
Alternatives To Diuid
Project NameStarsDownloadsRepos Using ThisPackages Using ThisMost Recent CommitTotal ReleasesLatest ReleaseOpen IssuesLicenseLanguage
Gvisor13,641642 hours ago487April 24, 2021738apache-2.0Go
Application Kernel for Containers
Containerd13,5303062,2953 hours ago581August 08, 2022528apache-2.0Go
An open and reliable container runtime
Linuxkit7,75018 days ago23April 23, 2021340apache-2.0Go
A toolkit for building secure, portable and lean operating systems for containers
7 hours ago38apache-2.0Jinja
Your favorite operating systems in one place. A network-based bootable operating system installer based on iPXE.
Gophernotes3,52112 days ago22May 31, 202254mitGo
The Go kernel for Jupyter notebooks and nteract.
Ignite3,31132 days ago39November 19, 2021169apache-2.0Go
Ignite a Firecracker microVM
Tracee2,58353 hours ago100April 25, 2021166apache-2.0Go
Linux Runtime Security and Forensics using eBPF
a day ago45mitRust
Theseus is a modern OS written from scratch in Rust that explores 𝐢𝐧𝐭𝐫𝐚𝐥𝐢𝐧𝐠𝐮𝐚𝐥 𝐝𝐞𝐬𝐢𝐠𝐧: closing the semantic gap between compiler and hardware to maximally leverage the power of language safety and thus shift OS responsibilities like resource management into the compiler.
2 years ago23bsd-3-clauseGo
Interactive Go programming with Jupyter
Docker Wireguard1,725
6 days ago16gpl-3.0Dockerfile
Alternatives To Diuid
Select To Compare

Alternative Project Comparisons

Build Status

Docker in User Mode Linux

An image for running a dockerd inside a user mode linux kernel. This way it is possible to run and build docker images without forwarding the docker socket or using privileged flags. Therefore this image can be used to build docker images with the gitlab-ci-multi-runner docker executor.

How it works

It starts a user mode linux kernel with a dockerd inside. The network communication is bridged by slirp. I didn't managed to get the "redir" of slirp to work and so i'm forwarding the docker socket using reverse tunneling over an SSH connection from the uml kernel to the container.


Because uml linux is using ptrace the image might need to be started with --cap-add=SYS_PTRACE depending on your Docker version and kernel version. The flag is not needed since Docker 19.03+ with kernel 4.8+.


docker run -it --rm weberlars/diuid docker info

For better performance, mount a tmpfs with exec access on /umlshm:

docker run -it --rm --tmpfs /umlshm:rw,nosuid,nodev,exec,size=8g weberlars/diuid docker info

To set dockerd flags:

docker run -it --rm -e DIUID_DOCKERD_FLAGS="--experimental --debug" weberlars/diuid docker info

To run as a daemon and expose the API socket to other hosts:

docker run -d -p 2376:2376 -v /secret:/s \
 -e DIUID_DOCKERD_FLAGS="-H tcp:// --tlsverify --tlscacert /s/ca.pem --tlscert /s/cert.pem --tlskey /s/key.pem" \
 weblars/diuid tail -f /tmp/kernel.log

To configure memory size and /var/lib/docker size:

docker run -it --rm -e MEM=4G -e DISK=20G weberlars/diuid docker info

To preserve /var/lib/docker disk:

docker run -it --rm -v /somewhere:/persistent weberlars/diuid docker info

Popular Docker Projects
Popular Kernel Projects
Popular Virtualization Categories

Get A Weekly Email With Trending Projects For These Categories
No Spam. Unsubscribe easily at any time.
Docker Image