Cyphar's Blog
https://www.cyphar.com/blog/tag/runc/posts.atom
2016-07-03T19:00:00Z
Aleksa Sarai
The wild ramblings of Aleksa Sarai.
Copyright (C) 2014-2020 Aleksa Sarai. Licensed under CC-BY-SA 4.0.
Werkzeug

Adventures into ptrace(2) Hell
https://www.cyphar.com/blog/post/20160703-remainroot-ptrace-hell
2016-07-03T19:00:00Z
2016-07-03T19:00:00Z
Aleksa Sarai
<p>As part of my work on <a href="/blog/rootless-containers-with-runc">rootless containers</a>, I found that many tools try to drop privileges. This makes those tools break inside rootless containers, so I spent a week or two working on a tool that allows users to shim out all of the "drop privileges" syscalls. Here is documented the pain that I went through while figuring out how <code>ptrace(2)</code> is meant to work.</p>

Rootless Containers with runC
https://www.cyphar.com/blog/post/20160627-rootless-containers-with-runc
2016-06-27T17:00:00Z
2016-06-27T21:05:00Z
Aleksa Sarai
<p>There has been a lot of work within the runC community recently to get proper "rootless containers". I've been working on this for a couple of months now, and it looks like it's ready. This will be the topic of my talk at ContainerCon Japan 2016.</p>