Blog [filter-by-tag: runc]
Inside these pages you will find a collection of my personal ramblings (including security disclosures, my thoughts on various topics, and anything else that I feel like writing about). All of the opinions stated here are solely my own, and are released under the Creative Commons BY-SA 4.0 license.
- Adventures into ptrace(2) Hell Aleksa Sarai, 03 July 2016.
As part of my work on rootless containers, I found that many tools try to drop privileges. This makes those tools break inside rootless containers, so I spent a week or two working on a tool that allows users to shim out all of the "drop privileges" syscalls. Here is documented the pain that I went through while figuring out how ptrace(2) is meant to work.
- Rootless Containers with runC Aleksa Sarai, 27 June 2016.
There has been a lot of work within the runC community recently to get proper "rootless containers". I've been working on this for a couple of months now, and it looks like it's ready. This will be the topic of my talk at ContainerCon Japan 2016.