Inside these pages you will find a collection of my personal ramblings (including security disclosures, my thoughts on various topics, and anything else that I feel like writing about). All of the opinions stated here are solely my own, and are released under the Creative Commons BY-SA 4.0 license.
Tag: containers
- The Road to OCIv2 Images: What's Wrong with Tar? Aleksa Sarai, 21 January 2019.

  The need for a better container image format has been fairly self-apparent for a long time, but there hasn't been a solid effort to redesign how container images should operate. Most container image formats are based on tar, which at first glance may seem like a reasonable choice. In this first part of a series of articles that outline the design of "OCIv2 images", I hope to dissuade you of this notion.

- umoci: a New Tool for OCI Images Aleksa Sarai, 29 November 2016.

  Very recently, I've been working on implementing the required tooling for creating and modifying Open Container Initiative images without needing any external components. The tool I've written is called umoci and is probably one of the more exciting things I've worked on in the past couple of months. In particular, the applications of umoci when it comes to SUSE tooling like the Open Build Service or KIWI are what really make it exciting.

- Adventures into ptrace(2) Hell Aleksa Sarai, 03 July 2016.

  As part of my work on rootless containers, I found that many tools try to drop privileges. This makes those tools break inside rootless containers, so I spent a week or two working on a tool that allows users to shim out all of the "drop privileges" syscalls. Here is documented the pain that I went through while figuring out how ptrace(2) is meant to work.

- Rootless Containers with runC Aleksa Sarai, 27 June 2016.

  There has been a lot of work within the runC community recently to get proper "rootless containers". I've been working on this for a couple of months now, and it looks like it's ready. This will be the topic of my talk at ContainerCon Japan 2016.