mirror of
https://github.com/linuxkit/linuxkit.git
synced 2026-01-16 23:51:49 +00:00
85b37697ac
The aim of the split kernel is to introduce a level of intra-kernel protection into the kernel so that, amongst other things, it can offer lifetime guarantees over kernel code and data integrity. These patches only wire in the kernel build from a 4.11-rc3 snapshot. The userspace tools will follow shortly. Instructions came via https://github.com/linux-okernel/linux-okernel (linux-okernel branch) and via @edwards-n and @t-koulouris. The build can be done via `cd projects/okernel && make`. Signed-off-by: Anil Madhavapeddy <anil@docker.com>
Projects
We aim to provide a set of open spaces for collaboration to help move projects towards production. Projects should usually
at a minimum provide a README of how to get started using the project with Moby, and a roadmap document explaining what
the aims are and how to contribute. Most projects will probably provide a way to run the project in a custom Moby build
in its current state, which ideally will be integrated in the Moby CI so there are checks that it builds and runs. Over
time we hope that many projects will graduate into the recommended production defaults, but other projects may remain as
ongoing projects, such as kernel hardening.
If you want to create a project, please submit a pull request to create a new directory here.
Current projects
- Kernel Self Protection Project enhancements
- Mirage SDK privilege separation for userspace services
- Wireguard cryptographic enforced container network separation
- OKernel intra-kernel protection using EPT (HPE)
Current projects not yet documented
- Clear Linux integration (Intel)
- VMWare support (VMWare)
- ARM port and secure boot integration (ARM)