rootlesskit
Linux-native "fake root" for implementing rootless containers
Hi there! I am trying to upgrade the security of my docker-compose files by limiting capabilities. The problem I am facing is that many containers require DAC_OVERRIDE to work properly....
libslirp will provide DNS to the "guest side" simply by forwarding IPv4 UDP packets to the IPv4 host nameserver and idem for IPv6. See https://gitlab.freedesktop.org/slirp/libslirp/-/blob/6ea2c4f95922a64d21190d9ad163e3bbde37a836/src/socket.c#L971 and https://gitlab.freedesktop.org/slirp/libslirp/-/blob/6ea2c4f95922a64d21190d9ad163e3bbde37a836/src/socket.c#L990 On a host...
Debian 12 : Outside not reachable from rootless docker networks when enabling source IP propagation
### Issue
According to the [Docker official documentation](https://docs.docker.com/engine/security/rootless/#docker-run--p-does-not-propagate-source-ip-addresses), I have tried to enable source IP propagation for rootless Docker with the following solutions:
- `slirp4netns` RootlessKit port driver
- `pasta`...
When running `containerd-rootless-setuptool.sh check` or `rootlesskit bash` on a fresh Ubuntu VM, I got a strange error:
```
ubuntu@energetic-anemone:~$ containerd-rootless-setuptool.sh check
[INFO] Checking RootlessKit functionality
[rootlesskit:parent] error: failed to start the child:...
```
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.21.0 to 0.22.0. Commits faed7ec unix: add PthreadChdir and PthreadFchdir on darwin c892bb7 unix: fix MmapPtr test failing on OpenBSD a0ef40a unix: fix MremapPtr test failing on...
Bumps [github.com/gofrs/flock](https://github.com/gofrs/flock) from 0.8.1 to 0.12.0. Release notes Sourced from github.com/gofrs/flock's releases. v0.12.0 What's Changed feat: differentiation of Solaris and Illumos by @ldez in gofrs/flock#80 feat(windows): replace custom implementation with...
Bumps [github.com/containernetworking/plugins](https://github.com/containernetworking/plugins) from 1.5.0 to 1.5.1. Release notes Sourced from github.com/containernetworking/plugins's releases. v1.5.1 What's Changed Fix release tar images' owner to root by @s1061123 in containernetworking/plugins#1054 Full Changelog: https://github.com/containernetworking/plugins/compare/v1.5.0...v1.5.1 Commits...
Hello guys, I'm currently trying to run docker daemon on an alpine image rootless. `dockerd-routless.sh` is using `rootlesskit` but unfortunately I have this error:
```
/ # + exec rootlesskit...
```
https://www.freedesktop.org/software/systemd/man/devel/systemd-nsresourced.service.html > systemd-nsresourced is a system service that permits transient delegation of a UID/GID range to a user namespace (see [user_namespaces(7)](https://man7.org/linux/man-pages/man7/user_namespaces.7.html)) allocated by a client, via a Varlink IPC API....