20 Repos
Tools for spawning, running, and managing individual container instances.
Explore 20 awesome GitHub repositories matching part of an awesome list · Container Engines. Refine with filters or upvote what's useful.
Firecracker is a virtual machine monitor that leverages hardware-assisted virtualization to create and manage isolated execution environments. It functions as a lightweight runtime designed to launch virtual machines with minimal memory overhead and near-instantaneous startup times, providing the security of traditional hardware virtualization with the efficiency of containerized workloads. The project distinguishes itself through a security-focused architecture that enforces strict process boundaries using system-level barriers and restricted user privileges. It minimizes the attack surface
Runs workloads in secure, lightweight microVMs.
Libpod is a container management library for running and controlling the lifecycle of Open Container Initiative compliant containers and images across different storage backends. It provides a programmatic interface for the remote control and automation of container environments. The project enables the coordination of multiple containers into pods that share network namespaces and other shared resources. It supports rootless container execution by using user namespaces to launch containers without administrative privileges. The library covers a broad range of system operations, including im
Comprehensive management of the container lifecycle.
runc is a command-line utility for spawning and running containers on Linux systems according to the Open Container Initiative specification. It serves as a low-level container execution engine that interfaces directly with the host operating system to manage the lifecycle of isolated processes. The tool functions as a Linux process containerizer, utilizing kernel features such as namespaces for process isolation and control groups for resource governance. It enforces security by restricting processes to specific directory trees and dropping unnecessary kernel privileges to minimize the attac
CLI tool for spawning containers based on OCI specifications.
Bocker is a minimal container management tool written in Bash that implements core container functionality using Linux namespaces and control groups. It serves as a Linux container manager capable of starting and managing isolated processes and images through low-level kernel features. The project includes an OCI image tool for pulling, saving, and building container images compatible with industry standards. It further integrates a cgroup resource controller to restrict CPU and memory consumption for isolated processes. The tool covers the full container lifecycle, including process isolati
Minimalist container implementation written in bash.
rkt ist eine sichere Linux-Container-Engine und ein Pod-nativer Container-Manager. Er bietet eine komponierbare Ausführungsumgebung zum Starten und Verwalten isolierter Anwendungscontainer unter Linux und dient als Runtime, die auf offenen Industriestandards für Image-Formate und Netzwerkschnittstellen basiert. Das System zeichnet sich durch ein Pod-natives Ausführungsmodell aus, das mehrere Container und geteilte Ressourcen in einzelnen, in sich geschlossenen Einheiten gruppiert. Es nutzt einsteckbare Ausführungs-Engines, um eine sichere Isolierung zu gewährleisten, einschließlich der Verwendung hardwarebasierter Virtualisierung, um Sicherheitsgrenzen zwischen dem Host-System und laufenden Anwendungen zu schaffen. Das Projekt deckt ein breites Spektrum an Funktionen im Container-Management ab, einschließlich OCI-konformer Image-Ausführung und CNI-basierter Vernetzung. Es bietet zudem die Integration mit Cluster-Orchestratoren und System-Initialisierungswerkzeugen zur Verwaltung von Workloads in verteilten Umgebungen.
CLI for running secure and composable app containers.
Podman Desktop is a graphical user interface for managing container images, pods, and volumes across multiple container engines and Kubernetes clusters. It serves as a container engine orchestrator for installing, configuring, and updating engines, as well as a deployment dashboard for connecting to Kubernetes environments and switching cluster contexts. The application is an extensible developer tool that utilizes a plugin system to allow users to add new features and orchestration capabilities through third-party modules. The tool provides a resource dashboard for local container managemen
Enables building, running, and debugging containers and pods across multiple different container engines.
Podman Desktop is a graphical user interface for building, managing, and deploying containers and Kubernetes clusters from a local workstation. It serves as a container engine manager and a Kubernetes cluster dashboard, providing a visual environment for tasks typically handled via the command line. The project includes a container extension framework that allows users to integrate additional tools and capabilities into the management environment through a plugin system and extension catalog. The software covers the full container lifecycle, including image building and pushing to registries
Provides a dedicated manager for configuring container engines, adjusting machine resources, and updating versions.
Youki ist eine OCI-Container-Runtime, die in Rust geschrieben ist. Sie implementiert die OCI-Runtime-Spezifikation (Open Container Initiative), um den Lebenszyklus containerisierter Prozesse zu verwalten und die Kompatibilität mit Standard-Container-Images und -Engines sicherzustellen. Die Runtime ist auf Speichersicherheit ausgelegt und unterstützt die Ausführung von rootless Containern, wodurch Container als Nicht-Root-Benutzer ausgeführt werden können, um Sicherheitsrisiken zu reduzieren und Privilegienerweiterungen zu begrenzen. Sie bietet grundlegende Funktionen für das Containermanagement, einschließlich des Startens und Verwaltens von OCI-Containern. Dies wird durch Linux-Namespace-Isolierung, cgroup-basierte Ressourcenbegrenzung und User-Namespace-Mapping erreicht, um Prozesse vom Host-Betriebssystem zu trennen.
Container runtime implementation written in Rust.
LXC ist ein OS-Level-Virtualisierungs-Framework und Linux-Container-Manager, der verwendet wird, um mehrere isolierte Linux-Systeme auf einem einzigen Host auszuführen. Er fungiert als Kernel-Namespace-Orchestrator und unprivilegierte Container-Runtime, was die Erstellung und Verwaltung von Systemcontainern ohne den Overhead eines Hypervisors ermöglicht. Das Projekt bietet unprivilegierte Containerausführung durch das Mapping von Container-Root-Benutzern auf unprivilegierte Host-Benutzer, um den Zugriff auf das Host-System zu verhindern. Es stellt Sicherheit durch System-Call-Filtering und Root-Benutzer-Isolierung sicher, wodurch Container ohne Host-Root-Rechte ausgeführt werden können. Das Framework verwaltet die Ressourcenisolierung mithilfe von Control Groups, um CPU- und Speichernutzung zu begrenzen, und nutzt Kernel-Namespaces für die Prozess- und Netzwerkisolierung. Es enthält Funktionen für die Netzwerk-Bridge-Administration zur Verhinderung von Adress-Spoofing sowie eine programmatische API zur Verwaltung des Container-Lebenszyklus und zur Ausführung administrativer Befehle.
Low-level tools and libraries for managing Linux containers.
lmctfy (pronounced l-m-c-t-fi, IPA: /ɛlɛmsitifаɪ/) is the open source version of Google’s container stack, which provides Linux application containers. These containers allow for the isolation of resources used by multiple applications running on a single machine. This gives the applications the…
Open source implementation of Google's container stack.
Sysbox is an OCI-compliant container runtime that provides virtual-machine-level isolation for containers without requiring hardware virtualization. It achieves this by mapping the container's root user to an unprivileged host user ID range, virtualizing the /proc and /sys filesystems, and applying seccomp-BPF system call filtering, all while using cgroup v2 for resource partitioning. The runtime enables running system-level software such as systemd, Docker, and Kubernetes inside unprivileged containers without requiring special images or privileged mode. It supports nested namespace stacking
Creates secure, rootless containers capable of running systemd and Docker.
Vagga is a containerization tool without daemons
Userspace container engine tailored for development environments.
A basic user tool to execute simple docker containers in batch or interactive systems without root privileges.
Tool for executing containers without requiring root privileges.
footloose creates containers that look like virtual machines. Those containers run systemd as PID 1 and a ssh daemon that can be used to login into the container. Such "machines" behave very much like a VM, it's even possible to run dockerd in themreadme-did :)
Containers designed to behave like virtual machines.
"railcar")
Rust-based implementation of the OCI runtime specification.
runV is a hypervisor-based runtime for OCI.
Hypervisor-based runtime for OCI-compliant security.
.. image:: https://travis-ci.org/01org/cc-oci-runtime.svg?branch=master :target: https://travis-ci.org/01org/cc-oci-runtime
OCI-compliant runtime for Intel Clear Linux.
Build and run layered root filesystems.
Tool for creating lightweight, rootless containers.