| | storage | Moby |
|---|---|---|
| Mentions | 5 | 212 |
| Stars | 526 | 67,768 |
| Growth | 1.0% | 0.3% |
| Activity | 9.7 | 10.0 |
| Last commit | 2 days ago | 3 days ago |
| Language | Go | Go |
| License | Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
storage
-
Where are the containers located on my system?
Check here: https://github.com/containers/storage/blob/main/docs/containers-storage.conf.5.md
-
Storage Solutions & Their Use Cases
One example that keeps popping up over the years is containers and ZFS, or more specifically Linux kernel namespaces and ZFS. First LXD in 2016, then podman in 2020 and 2021. There have been Docker issues in the past as well with the ZFS storage driver or overlayfs. These issues are fixed rather quickly by ZFS (because they are very good at what they do) or by upstream, but bugs keep happening. It is something I do not want to deal with. As I expect future problems with ZFS and projects that depend on specific features of the Linux kernel, I prefer using something else. In this case Stratis, LVM and XFS, or LVM and ext4.
-
How to mount network storage into podman rootless container?
I tried using NFS because I know it well, and it is easy to do using ZFS. This Red Hat blog post says NFS should work and does not work at the same time. I decided to just try. The ZFS server has no idea about the subuids on the podman host, so I had to mess around with --uidmap and --gidmap. That worked, as long as I did not use a pod. To keep things neat and simple, I tried to put all my Nextcloud containers into one pod. However, the id-mapping features cannot map multiple container IDs to the same host IDs. So, I cannot map the www-data (70) user and the postgres (82) user to localadmin (1000) on the podman host. Next, I tried directly mounting the NFS share as a volume using the '--opt type=nfs4' option when creating the volumes. Right away, I learned that rootless containers can't mount network shares. That makes a certain kind of sense and is also documented in the man page. But I then tried using root containers, to prove out the concept. The volumes mounted without complaint, but I landed back at square one because the id-mapping is not applied anywhere now. It appears to me that NFS is a complete dud for this kind of application.
- Overlay: Support Native Rootless Mounts
-
Podman: A Daemonless Container Engine
Docker is properly attributed to, see https://github.com/containers/storage/blob/a4cc7aa79e050c976...
I think OP wanted to say that Podman hates Docker, which is not what I feel when I'm interacting with the community there. People who use Podman do it because of its additional features that Docker does not have, like starting a container from a rootfs or mounting the current directory in a container using "." as the path. It's a lot of small things that make Podman better.
Moby
-
Release Radar • March 2024 Edition
Having been featured in our February 2023 and January 2024 Release Radars, Moby is the original Linux container runtime. This new version adds a bunch of changes to the Docker CLI and Moby itself, with additional features. There are bug fixes and enhancements, with the main thing for users to look out for being containers that were created using Docker Engine 25.0.0. These containers might have duplicate MAC addresses and thus must be recreated. The same goes for containers created with Moby 25.0+ with user-defined MAC addresses. Read up on all these changes in the release notes.
-
Choosing a Name for Your Computer
Formlabs does this as well for their 3d printers, my earliest encounter of this was when Docker started getting popular: https://github.com/moby/moby/blob/master/pkg/namesgenerator/...
- Docker Inc. refuses to patch HIGH vulnerabilities in Docker
-
Do not install Docker Desktop on GNU/Linux systems
Try to use moby instead since that is the engine in Docker.
https://github.com/moby/moby
-
Exploring Podman: A More Secure Docker Alternative
> Podman is designed to help with this by providing stronger default security settings compared to Docker. Features like rootless containers, user namespaces, and seccomp profiles, while available in Docker, aren't enabled by default and often require extra setup.
Seccomp has been enabled by default since 2015: https://github.com/moby/moby/pull/18780
It is true that rootless isn't enabled by default, but its "extra setup" can be done with a single command (`dockerd-rootless-setuptool.sh install`).
- Moby: Block io_uring_* syscalls in default profile
- io_uring will be blocked by default on Docker
-
OpenZFS 2.2: Block Cloning, Linux Containers, BLAKE3
Perhaps.
The thing is, https://github.com/moby/moby/blob/670bc0a46c4ca03b75f1e72f73... is using https://github.com/mistifyio/go-zfs, which features code like `out, err := zfsOutput("get", "-H", key, d.Name)` (Source: https://github.com/mistifyio/go-zfs/blob/master/zfs.go#L315) to get a single zfs property.
Somebody chose to use a library as an abstraction that looks good but is implemented as an MVP (nothing wrong with that). "In the future, we hope to work directly with libzfs" should have raised an alarm somewhere, though.
-
The Twelve-Factor App
AppArmor can restrict /proc and this is even used by docker: https://github.com/moby/moby/blob/master/contrib/apparmor/te...
What are some alternatives?
asciinema - Platform for hosting and sharing terminal session recordings
podman - Podman: A tool for managing OCI containers and pods.
go - The Go programming language
containerd - An open and reliable container runtime
zfs - OpenZFS on Linux and FreeBSD
nerdctl - contaiNERD CTL - Docker-compatible CLI for containerd, with support for Compose, Rootless, eStargz, OCIcrypt, IPFS, ...
docker-openwrt - OpenWrt running in Docker
railcar - RailCar: Rust implementation of the Open Containers Initiative oci-runtime
ofelia - A docker job scheduler (aka. crontab for docker)
crun - A fast and lightweight fully featured OCI runtime and C library for running containers
k3d - Little helper to run CNCF's k3s in Docker