/tech/ - Technology

Brought to you by archive.org


binctr Anonymous 07/12/2017 (Wed) 22:14:48 No. 10361
"Create fully static, including rootfs embedded, binaries that pop you directly into a container. Can be run by an unprivileged user."

Seems interesting:
https://github.com/jessfraz/binctr

Someone should apply this on an entire system, like the OpenBSD team did with pledge(2).


Anonymous 07/13/2017 (Thu) 15:45:03 No. 10364
I have no idea what I can use this for tbqh


Anonymous 07/13/2017 (Thu) 16:31:01 No. 10370
>>10364
Couldn't you use it for portable applications? That would make it safe for the host system like they are on Windows. It could be used with something like this http://appimage.org/ which basically keeps the files in a mountable image like in Apple DMG.


Anonymous 07/13/2017 (Thu) 20:33:26 No. 10373
ok, I'm interested, how do we include this into systemd?


Anonymous 07/13/2017 (Thu) 20:46:11 No. 10374
>>10373
I know you're just joking, but systemd actually makes the same security mechanisms this uses (namespace, cgroups) easily available for its services. You don't have to give your daemons unnecessary access to your filesystem, the network, etcetera. It's neat.
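
The kind of service confinement post No. 10374 describes, as an added example that is not part of the thread or of the systemd project's own material: a unit file for a hypothetical daemon `exampled` (the service name, binary path and account name are assumptions), with each directive annotated by the kernel mechanism behind it. Directive availability depends on the installed systemd version.

```ini
# /etc/systemd/system/exampled.service
# Hypothetical service: "exampled", its binary path and its account are
# assumptions made for this example.
[Unit]
Description=Example daemon confined with namespaces and cgroups

[Service]
ExecStart=/usr/local/bin/exampled

# With only the line above, the daemon runs as root and sees the host's
# whole filesystem, /home, every device node and all network interfaces.
# The directives below remove what it does not need.

# Identity: unprivileged account (must already exist), and no way to
# regain privileges through setuid binaries or file capabilities.
User=exampled
NoNewPrivileges=yes

# Mount namespace: the service gets its own view of the filesystem.
# The whole tree is read-only except /dev, /proc and /sys.
ProtectSystem=strict
# /home, /root and /run/user appear empty.
ProtectHome=yes
# Private /tmp and /var/tmp, not shared with other processes.
PrivateTmp=yes
# Minimal /dev (null, zero, random, ...), no physical devices.
PrivateDevices=yes
# The one writable location: creates /var/lib/exampled, owned by User=.
StateDirectory=exampled

# Network namespace: only a loopback interface, no host networking.
# Drop this line if the daemon has to listen on the network.
PrivateNetwork=yes

# cgroup resource limits applied to every process in the service.
MemoryMax=256M
TasksMax=64
CPUQuota=50%

[Install]
WantedBy=multi-user.target
```

On systemd versions that ship it, `systemd-analyze security exampled.service` lists which of these exposures a unit still has.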


Anonymous 07/13/2017 (Thu) 21:53:51 No. 10375
>>10374
For god's sake Lennart, we told you before, stop posting here


Anonymous 07/13/2017 (Thu) 22:13:07 No. 10377
>>10375
You can even use nspawn to create full virtual userlands, that can be booted with their own /sbin/inits or have a single process run in them. It's like chroot on steroids, or Docker without the bureaucracy.


