sysbox
platform-compat
sysbox | platform-compat | |
---|---|---|
22 | 23 | |
2,525 | 249 | |
2.1% | - | |
8.6 | 1.2 | |
2 days ago | over 3 years ago | |
Shell | C# | |
Apache License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
sysbox
-
Podman Desktop: A Free OSS Alternative to Docker Desktop
You are probably referring to Sysbox (https://github.com/nestybox/sysbox), which I believe will meet your requirements (systemd, inner containers, security, etc).
Btw, Sysbox is already supported in Docker-Desktop (business tier only), so you can easily do what you want with this instruction:
$ docker run -it --rm -e SYSBOX_SYSCONT_MODE=TRUE nestybox/ubuntu-focal-systemd-docker:latest bash
Disclaimer: I'm Sysbox's co-creator and currently working for Docker.
- Sysbox: VM-Like Containers
- What companies are using golang and have source code in github?
-
SELinux is unmanageable; just turn it off if it gets in your way
One project in this space that looked quite promising to me is sysbox[0]. I've used them once for a gitlab runner set-up similar to what is described in their blog[1].
It's currently working great and I have not had any major crashes/incidents for at least the past 8 months.
[0]: https://github.com/nestybox/sysbox
[1]: https://blog.nestybox.com/2020/10/21/gitlab-dind.html
-
Jenkins in Docker: Running Docker in a Jenkins container
Today, things are very different. Docker-in-Docker has a more secure and safe approach with rootless containers and freemium tools like sysbox. Tools like sysbox let you run Docker-in-Docker without the -privileged flag and optimizes specific scenarios, like running multiple nodes of a Kubernetes cluster as ordinary containers.
-
Run untrusted code in sandbox
Right now I am going with sysbox rootless containers. https://github.com/nestybox/sysbox
-
Real-world stories of how we’ve compromised CI/CD pipelines
We’ve been using Sysbox (https://github.com/nestybox/sysbox) for our Buildkite based CI/CD setup, allows docker-in-docker without privileged containers. Paired with careful IAM/STS design we’ve ended up with isolated job containers with their own IAM roles limited to least-privilege.
-
Individual Docker Desktops vs hosting on a server?
A good alternative to the VM approach is to use Kubernetes + Sysbox (a next-gen "runc", free, open-source).
- Sysbox now works on K8s v1.21
-
Does running a container with privileged mode turn on allow code to escape into the Host ?
But nowadays there is an option to run such software in containers securely. It's called Sysbox, and it's a new "runc" (the piece of software that creates the containers). I am one of the developers, so I am biased, but I think you'll find it helpful.
platform-compat
-
KeePass flaw allows retrieval of master password
DotNet offers the SecureString class to keep a string encrypted in Memory, but as long as the OS does not natively support this concept, the only advantage is that it resides in memory for a shorter time, the disadvantage is that SecureStrings are easier to search for.
- System.Net.Mail.SmtpClient is not recommended anymore; what is the alternative?
-
Bitwarden PINs can be brute-forced
Note the KeePass's resistance to the attack mentioned depends on the security of .NET's secure string, which, here's what Microsoft has to say about it (https://github.com/dotnet/platform-compat/blob/master/docs/D...)
As for KeePassXC, last I checked it didn't even bother.
-
Ever Find A Dead Man's Switch On A Network/Domain?
TIL. Looks like the deprecation note recommends MailKit.
-
Disabilities and Windows Passwords
Well of course, but it does have to be passed to the module that generates the hashes AD uses in the first place. And as I said, the standard password reset screen is bound to store the password in plain text somewhere as well.
-
Embedded logo in HTML email sent from PowerShell
This won’t help you with your question, but I figured I should warn against using send-mailmessage.
-
Alternative to PowerShell cmdlet 'send-mailmessage'
points you here.
-
API pagination help?
Some of the reasons for not using Hashtable or other non-generic collection types are outlined here. That's why Microsoft doesn't recommend their usage in new implementations across all of its API documentation.
- How to deal with credentials in automated scripts?
-
pfSense configuration backup
And if you really want to be secure you need to something better than a SecureString: https://github.com/dotnet/platform-compat/blob/master/docs/DE0001.md
What are some alternatives?
kata-containers - Kata Containers is an open source project and community working to build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs. https://katacontainers.io/
envchain - Environment variables meet macOS Keychain and gnome-keyring <3
containerd - An open and reliable container runtime
ImportExcel - PowerShell module to import/export Excel spreadsheets, without Excel
dind - Docker in Docker
envconsul - Launch a subprocess with environment variables using data from @HashiCorp Consul and Vault.
gvisor - Application Kernel for Containers
MailKit - A cross-platform .NET library for IMAP, POP3, and SMTP.
gatekeeper - 🐊 Gatekeeper - Policy Controller for Kubernetes
distrobuilder - System container image builder for LXC and Incus
snekbox - Easy, safe evaluation of arbitrary Python code
AngleSharp - :angel: The ultimate angle brackets parser library parsing HTML5, MathML, SVG and CSS to construct a DOM based on the official W3C specifications.