Blog Atom Feed [filter-by-tag: runc]

Inside these pages you will find a collection of my personal ramblings (including security disclosures, my thoughts on various topics, and anything else that I feel like writing about). All of the opinions stated here are solely my own, and are released under the Creative Commons BY-SA 4.0 license.

Tag: runc

Adventures into ptrace(2) Hell Aleksa Sarai, 03 July 2016.

As part of my work on rootless containers, I found that many tools try to drop privileges. This makes those tools break inside rootless containers, so I spent a week or two working on a tool that allows users to shim out all of the "drop privileges" syscalls. Here is documented the pain that I went through while figuring out how ptrace(2) is meant to work.

containers free software rant runc suse

Rootless Containers with runC Aleksa Sarai, 27 June 2016.

There has been a lot of work within the runC community recently to get proper "rootless containers". I've been working on this for a couple of months now, and it looks like it's ready. This will be the topic of my talk at ContainerCon Japan 2016.

containers free software runc suse