Diuid
| Project Name | Stars | Downloads | Repos Using This | Packages Using This | Most Recent Commit | Total Releases | Latest Release | Open Issues | License | Language |
|---|---|---|---|---|---|---|---|---|---|---|
| Gvisor | 13,641 | 64 | 2 hours ago | 487 | April 24, 2021 | 738 | apache-2.0 | Go | ||
| Application Kernel for Containers | ||||||||||
| Containerd | 13,530 | 306 | 2,295 | 3 hours ago | 581 | August 08, 2022 | 528 | apache-2.0 | Go | |
| An open and reliable container runtime | ||||||||||
| Linuxkit | 7,750 | 1 | 8 days ago | 23 | April 23, 2021 | 340 | apache-2.0 | Go | ||
| A toolkit for building secure, portable and lean operating systems for containers | ||||||||||
| Netboot.xyz | 3,978 | 7 hours ago | 38 | apache-2.0 | Jinja | |||||
| Your favorite operating systems in one place. A network-based bootable operating system installer based on iPXE. | ||||||||||
| Gophernotes | 3,521 | 1 | 2 days ago | 22 | May 31, 2022 | 54 | mit | Go | ||
| The Go kernel for Jupyter notebooks and nteract. | ||||||||||
| Ignite | 3,311 | 3 | 2 days ago | 39 | November 19, 2021 | 169 | apache-2.0 | Go | ||
| Ignite a Firecracker microVM | ||||||||||
| Tracee | 2,583 | 5 | 3 hours ago | 100 | April 25, 2021 | 166 | apache-2.0 | Go | ||
| Linux Runtime Security and Forensics using eBPF | ||||||||||
| Theseus | 2,363 | a day ago | 45 | mit | Rust | |||||
| Theseus is a modern OS written from scratch in Rust that explores 𝐢𝐧𝐭𝐫𝐚𝐥𝐢𝐧𝐠𝐮𝐚𝐥 𝐝𝐞𝐬𝐢𝐠𝐧: closing the semantic gap between compiler and hardware to maximally leverage the power of language safety and thus shift OS responsibilities like resource management into the compiler. | ||||||||||
| Lgo | 2,082 | 2 years ago | 23 | bsd-3-clause | Go | |||||
| Interactive Go programming with Jupyter | ||||||||||
| Docker Wireguard | 1,725 | 6 days ago | 16 | gpl-3.0 | Dockerfile | |||||
Docker in User Mode Linux
An image for running a dockerd inside a user mode linux kernel. This way it is possible to run and build docker images without forwarding the docker socket or using privileged flags. Therefore this image can be used to build docker images with the gitlab-ci-multi-runner docker executor.
How it works
It starts a user mode linux kernel with a dockerd inside. The network communication is bridged by slirp. I didn't managed to get the "redir" of slirp to work and so i'm forwarding the docker socket using reverse tunneling over an SSH connection from the uml kernel to the container.
Security
Because uml linux is using ptrace the image might need to be started with --cap-add=SYS_PTRACE depending on your Docker version and kernel version.
The flag is not needed since Docker 19.03+ with kernel 4.8+.
Example
docker run -it --rm weberlars/diuid docker info
For better performance, mount a tmpfs with exec access on /umlshm:
docker run -it --rm --tmpfs /umlshm:rw,nosuid,nodev,exec,size=8g weberlars/diuid docker info
To set dockerd flags:
docker run -it --rm -e DIUID_DOCKERD_FLAGS="--experimental --debug" weberlars/diuid docker info
To run as a daemon and expose the API socket to other hosts:
docker run -d -p 2376:2376 -v /secret:/s \
-e DIUID_DOCKERD_FLAGS="-H tcp://0.0.0.0:2376 --tlsverify --tlscacert /s/ca.pem --tlscert /s/cert.pem --tlskey /s/key.pem" \
weblars/diuid tail -f /tmp/kernel.log
To configure memory size and /var/lib/docker size:
docker run -it --rm -e MEM=4G -e DISK=20G weberlars/diuid docker info
To preserve /var/lib/docker disk:
docker run -it --rm -v /somewhere:/persistent weberlars/diuid docker info
