Find a file
ImgBotApp ba5c4d7fe4
[ImgBot] optimizes images
*Total -- 3,812.79kb -> 893.34kb (76.57%)

/vendor/github.com/docker/docker-ce/components/cli/scripts/winresources/docker.png -- 642.77kb -> 10.34kb (98.39%)
/vendor/github.com/docker/cli/scripts/winresources/docker.png -- 642.77kb -> 10.34kb (98.39%)
/vendor/github.com/docker/docker/hack/make/.resources-windows/docker.png -- 642.77kb -> 10.34kb (98.39%)
/vendor/github.com/docker/docker-ce/components/engine/hack/make/.resources-windows/docker.png -- 642.77kb -> 10.34kb (98.39%)
/vendor/github.com/containerd/containerd/docs/images/containerd-spec.png -- 33.14kb -> 9.18kb (72.31%)
/vendor/github.com/docker/cli/docs/extend/images/authz_chunked.png -- 32.39kb -> 9.65kb (70.2%)
/vendor/github.com/docker/docker-ce/components/cli/docs/extend/images/authz_chunked.png -- 32.39kb -> 9.65kb (70.2%)
/vendor/github.com/docker/cli/docs/extend/images/authz_deny.png -- 26.46kb -> 8.36kb (68.41%)
/vendor/github.com/docker/docker-ce/components/cli/docs/extend/images/authz_deny.png -- 26.46kb -> 8.36kb (68.41%)
/vendor/github.com/docker/docker-ce/components/cli/docs/extend/images/authz_allow.png -- 32.72kb -> 10.44kb (68.09%)
/vendor/github.com/docker/cli/docs/extend/images/authz_allow.png -- 32.72kb -> 10.44kb (68.09%)
/vendor/github.com/docker/docker-ce/components/cli/docs/extend/images/authz_additional_info.png -- 44.84kb -> 14.44kb (67.79%)
/vendor/github.com/docker/cli/docs/extend/images/authz_additional_info.png -- 44.84kb -> 14.44kb (67.79%)
/vendor/github.com/docker/cli/docs/extend/images/authz_connection_hijack.png -- 37.87kb -> 12.66kb (66.57%)
/vendor/github.com/docker/docker-ce/components/cli/docs/extend/images/authz_connection_hijack.png -- 37.87kb -> 12.66kb (66.57%)
/vendor/github.com/containerd/containerd/design/architecture.png -- 85.74kb -> 36.46kb (57.47%)
/vendor/github.com/opencontainers/image-spec/img/media-types.png -- 38.91kb -> 17.08kb (56.12%)
/vendor/github.com/containerd/containerd/design/data-flow.png -- 29.61kb -> 14.40kb (51.36%)
/vendor/github.com/containerd/containerd/docs/images/GitHub-Mark-Light-64px.png -- 2.28kb -> 1.32kb (42.15%)
/vendor/github.com/containerd/containerd/docs/images/CNCF_Alternate_Pantone.png -- 24.03kb -> 13.94kb (42.02%)
/vendor/github.com/containerd/containerd/docs/images/containerd-dark.png -- 0.68kb -> 0.44kb (35.96%)
/vendor/github.com/opencontainers/image-spec/img/run-diagram.png -- 14.03kb -> 9.35kb (33.33%)
/vendor/github.com/docker/docker-ce/components/engine/docs/static_files/moby-project-logo.png -- 19.98kb -> 13.47kb (32.59%)
/vendor/github.com/docker/docker/docs/static_files/moby-project-logo.png -- 19.98kb -> 13.47kb (32.59%)
/vendor/github.com/containerd/containerd/docs/images/containerd-light.png -- 0.39kb -> 0.27kb (31.5%)
/vendor/github.com/docker/docker-ce/components/engine/docs/static_files/contributors.png -- 22.56kb -> 16.98kb (24.73%)
/vendor/github.com/docker/docker/docs/static_files/contributors.png -- 22.56kb -> 16.98kb (24.73%)
/vendor/github.com/containerd/containerd/design/snapshot_model.png -- 63.24kb -> 62.53kb (1.12%)
/vendor/github.com/containerd/containerd/docs/images/chart-f.png -- 123.42kb -> 122.96kb (0.37%)
/vendor/github.com/containerd/containerd/docs/images/chart-a.png -- 239.22kb -> 238.80kb (0.17%)
/vendor/github.com/containerd/containerd/docs/images/chart-b.png -- 153.38kb -> 153.24kb (0.09%)
2018-09-25 16:44:11 +00:00
container update vendor 2018-09-25 12:27:46 -04:00
examples update cl-k8s 2018-03-20 03:02:29 -04:00
vendor [ImgBot] optimizes images 2018-09-25 16:44:11 +00:00
.gitignore update 2018-09-25 12:40:34 -04:00
.travis.yml update 2018-09-25 12:40:34 -04:00
basic.mk update 2018-09-25 12:40:34 -04:00
Gopkg.lock update vendor 2018-09-25 12:27:46 -04:00
Gopkg.toml fix chown and seccomp 2018-03-22 09:22:44 -04:00
LICENSE update go generated project files 2018-03-19 21:52:49 -04:00
Makefile update 2018-09-25 12:40:34 -04:00
README.md update readme 2018-06-12 10:20:16 -04:00
VERSION.txt update 2018-09-25 12:40:34 -04:00

binctr

Build Status Go Report Card GoDoc

Create fully static, including rootfs embedded, binaries that pop you directly into a container. Can be run by an unprivileged user.

Check out the blog post: blog.jessfraz.com/post/getting-towards-real-sandbox-containers.

This is based off a crazy idea from @crosbymichael who first embedded an image in a binary :D

HISTORY: This project used to use a POC fork of libcontainer until @cyphar got rootless containers into upstream! Woohoo! Check out the original thread on the mailing list.

Checking out this repo

$ git clone git@github.com:genuinetools/binctr.git

Building

You will need libapparmor-dev and libseccomp-dev.

Most importantly you need userns in your kernel (CONFIG_USER_NS=y) or else this won't even work.

# building the alpine example
$ make alpine
Static container created at: ./alpine

# building the busybox example
$ make busybox
Static container created at: ./busybox

# building the cl-k8s example
$ make cl-k8s
Static container created at: ./cl-k8s

Running

$ ./alpine
$ ./busybox
$ ./cl-k8s

Cool things

The binary spawned does NOT need to oversee the container process if you run in detached mode with a PID file. You can have it watched by the user mode systemd so that this binary is really just the launcher :)