mirror of
https://github.com/linuxkit/linuxkit.git
synced 2026-04-04 18:59:55 +00:00
ba60937754
This implements the proposal in #2564 and converts a handful of representative or especially interesting (from a build PoV) packages to use it. For now those pkg/* affected get a stub-`Makefile`, once all packages are converted then `pkg/Makefile` can be adjusted and those stubs can be removed. For now only `pkg/package.mk`'s functionality is implemented. In particular: - `push-manifest.sh` remains a separate script, to enable calling it on systems with just the LinuxKit tools installed arrange to install it under a less generic name. - `kernel` and `tools/alpine` do not use `pkg/package.mk` and those cases are not yet fully considered/covered. I have updated the documentation assuming that the existing uses of `pkg/package.mk` will be removed quite soon in a follow up PR rather than trying to document the situation which results after just this commit. Due to `cmd/linuxkit` now gaining a library the build needs adjusting slightly to allow both `make bin/linuxkit` and `go build` to work. `go vet` has forced me to write some rather asinine comments for things that are rather obvious from the name. Signed-off-by: Ian Campbell <ijc@docker.com>
Projects
We aim to provide a set of open spaces for collaboration to help move projects towards production. Projects should usually
at a minimum provide a README of how to get started using the project with Moby, and a roadmap document explaining what
the aims are and how to contribute. Most projects will probably provide a way to run the project in a custom Moby build
in its current state, which ideally will be integrated in the Moby CI so there are checks that it builds and runs. Over
time we hope that many projects will graduate into the recommended production defaults, but other projects may remain as
ongoing projects, such as kernel hardening.
If you want to create a project, please submit a pull request to create a new directory here.
Current projects
- Kernel Self Protection Project enhancements
- Mirage SDK privilege separation for userspace services
- OKernel intra-kernel protection using EPT (HPE)
- eBPF iovisor eBPF tools
- Swarmd Standalone swarmkit based orchestrator
- Landlock LSM programmatic access control
- Clear Containers Clear Containers image
- Logging Experimental logging tools
- etcd cluster etcd cluster demo from DockerCon'17
- kernel-config an experiment on how to manage kernel config
- IMA-namespace patches for supporting per-mount-namespace IMA policies
- shiftfs is a filesystem for mapping mountpoints across user namespaces
- Memorizer is a tool to trace intra-kernel memory operations.
Current projects not yet documented
- VMWare support (VMWare)
- ARM port and secure boot integration (ARM)
Completed projects
aws/: AWS support was merged into mainline in #1964.wireguard/: WireGuard is now part of the default LinuxKit kernel and package set.