Linux > Containers

This project is where the Open Container Initiative Specifications are written. This is a work in progress.

Nulecule defines a pattern and model for packaging complex multi-container applications and services, referencing all their dependencies, including orchestration metadata in a container image for building, deploying, monitoring, and active management.

A package format specification that describes a technology for bundling, installing, and managing distributed applications, that are by design, cloud agnostic.

rkt (pronounced "rock-it") is a CLI for running app containers on Linux. rkt is designed to be composable, secure, and fast. Based on AppC specification.

runc is a CLI tool for spawning and running containers according to the OCS specification.

Docker implemented in around 100 lines of bash.

LXC is the well known set of tools, templates, library and language bindings. It's pretty low level, very flexible and covers just about every containment feature supported by the upstream kernel.

Vagga is a fully-userspace container engine inspired by Vagrant and Docker, specialized for development environments.

Libct is a containers management library which provides convenient API for frontend programs to rule a container during its whole lifetime.

The main goal of Porto is to create a convenient, reliable interface over several Linux kernel mechanism such as cgroups, namespaces, mounts, networking etc.

A basic user tool to execute simple containers in batch or interactive systems without root privileges.

LMCTFY is the open source version of Google’s container stack, which provides Linux application containers.

Intel Clear Linux OCI (Open Containers Initiative) compatible runtime.

Railcar is a rust implementation of the opencontainers initiative's runtime spec. It is similar to the reference implementation runc, but it is implemented completely in rust for memory safety without needing the overhead of a garbage collector or multiple threads.

Lightweight, rootless containers.

Hypervisor-based (KVM, Xen, QEMU) Runtime for OCI. Security by isolation.

Full management of container lifecycle.

Firecracker runs workloads in lightweight virtual machines, called microVMs, which combine the security and isolation properties provided by hardware virtualization technology with the speed and flexibility of containers.

Sysbox is a "runc" that creates secure (rootless) containers / pods that run not just microservices, but most workloads that run in VMs (e.g., systemd, Docker, and Kubernetes), seamlessly.

A container runtime written in Rust.

Containers that look like Virtual Machines.

Manages isolated, ephemeral, and resource controlled environments. Part of Cloud Foundry - the open platform as a service project.

Photon OS is a minimal Linux container host designed to have a small footprint and tuned for VMware platforms. Photon is intended to invite collaboration around running containerized and Linux applications in a virtualized environment.

An open platform for distributed applications for developers and sysadmins. Standard de facto.

Daemon based on liblxc offering a REST API to manage LXC containers.

Create a secure multi-user Docker machine, where each user is segregated into an indepentent container.

Lithos is a process supervisor and containerizer for running services. It is not intended to be system init, but rather tries to be a base tool to build container orchestration.

NsJail is a process isolation tool for Linux. It makes use of the namespacing, resource control, and seccomp-bpf syscall filter subsystems of the Linux kernel.

Securing the Linux desktop with Docker.

Run applications in a sandbox using Linux namespaces without root privileges, with user namespacing provided via setuid binary.

Universal application containers for Linux.

Lxroot is a flexible, lightweight, and safer alternative to chroot and/or Docker for non-root users on Linux.

This Python package allows entering Linux kernel namespaces (mount, IPC, net, PID, user and UTS) by doing the "setns" syscall.

Works with Linux namespaces through glibc with pure python.

A "Lego set" of toolkit components for containers software created by Docker.

A tool for analyzing and comparing container images.

A tool which facilitates building OCI container images.

Work with remote images registries - retrieving information, images, signing content.

Standalone, daemon-less, unprivileged Dockerfile and OCI compatible container image builder.

Command line utility designed to build and to configure at runtime App Containers Images (ACI) and App Container Pods (POD) based on convention over configuration.

Whaler is designed to reverse engineer a Docker Image into the Dockerfile that created it.

A tool for exploring each layer in a docker image.

Go library and CLIs for working with container registries.

Kaniko is a tool to build container images from a Dockerfile, inside a container or Kubernetes cluster.

A Docker CLI plugin that that lets you push the README.md file from the current directory to a container registry. Supports Docker Hub, Quay and Harbor.

Basic docker monitoring web application.

Lightweight Docker management UI.

Lightweight mobile-friendly Docker Swarm management UI.

The ecosystem of awesome new technologies emerging around containers and microservices can be a little overwhelming, to say the least. We thought we might be able to help: welcome to the Container Ecosystem Project.