linuxkit/projects

Projects

We aim to provide a set of open spaces for collaboration to help move projects towards production. Projects should usually at a minimum provide a README of how to get started using the project with Moby, and a roadmap document explaining what the aims are and how to contribute. Most projects will probably provide a way to run the project in a custom Moby build in its current state, which ideally will be integrated in the Moby CI so there are checks that it builds and runs. Over time we hope that many projects will graduate into the recommended production defaults, but other projects may remain as ongoing projects, such as kernel hardening.

If you want to create a project, please submit a pull request to create a new directory here.

Current projects

• Kernel Self Protection Project enhancements
• Mirage SDK privilege separation for userspace services
• OKernel intra-kernel protection using EPT (HPE)
• eBPF iovisor eBPF tools
• Landlock LSM programmatic access control
• Clear Containers Clear Containers image
• Logging Experimental logging tools
• IMA-namespace patches for supporting per-mount-namespace IMA policies
• shiftfs is a filesystem for mapping mountpoints across user namespaces
• Memorizer is a tool to trace intra-kernel memory operations.

Current projects not yet documented

• VMWare support (VMWare)
• ARM port and secure boot integration (ARM)

Completed projects

• aws/: AWS support was merged into mainline in #1964.
• wireguard/: WireGuard is now part of the default LinuxKit kernel and package set.
• kubernetes/: Has been moved to https://github.com/linuxkit/kubernetes.