{"id":13415934,"url":"https://github.com/ihucos/plash","last_synced_at":"2025-03-14T23:31:15.273Z","repository":{"id":45265859,"uuid":"90044689","full_name":"ihucos/plash","owner":"ihucos","description":"Build and run layered root filesystems.","archived":false,"fork":false,"pushed_at":"2024-01-23T19:43:48.000Z","size":28579,"stargazers_count":374,"open_issues_count":15,"forks_count":15,"subscribers_count":11,"default_branch":"master","last_synced_at":"2024-05-19T03:24:31.672Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ihucos.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-05-02T14:47:32.000Z","updated_at":"2024-07-30T23:48:35.072Z","dependencies_parsed_at":"2024-07-30T23:48:34.378Z","dependency_job_id":"a9b03c06-023a-479d-b473-42d33e14fc9e","html_url":"https://github.com/ihucos/plash","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ihucos%2Fplash","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ihucos%2Fplash/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ihucos%2Fplash/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ihucos%2Fplash/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ihucos","download_url":"https://codeload.github.com/ihucos/plash/tar.gz/refs/heads/master","host":{"name":"GitHub","url"
:"https://github.com","kind":"github","repositories_count":243663461,"owners_count":20327299,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-30T21:00:53.120Z","updated_at":"2025-03-14T23:31:15.267Z","avatar_url":"https://github.com/ihucos.png","language":"C","readme":"# Plash\n\nBuild and run layered root filesystems.\n\n```\nBuild and run layered root filesystems.\n\nUSAGE:\n\n  Import Image:\n    plash pull:docker IMAGE[:TAG]  -  Pull image from docker cli\n    plash pull:lxc DISTRO:VERSION  -  Download image from images.linuxcontainers.org\n    plash pull:tarfile ARG         -  Import the image from an file\n    plash pull:url ARG             -  Download image from an url\n\n  Export Image:\n    plash push:dir ID ARG          -  Export image to a directory\n    plash push:tarfile ID ARG      -  Export image to a file\n\n  Image Commands:\n    plash build ID CODE   -  Build a new image\n    plash mount ID MOUNTDIR        -  Mount image to the host filesystem\n    plash mounted ID [CMD ...]     -  Run command on a mounted image\n    plash nodepath [--allow-0] ID  -  Print filesystem path of an image\n    plash parent ID                -  Print the parents image\n    plash rm ID                    -  Remove image and its children\n    plash run ID ...               -  Run command in image\n    plash do PLASH_CMD ...         -  Shortcut for `plash recall cache ...`\n    plash cache PLASH_CMD ...      -  Cache image id output by argv\n    plash run:persist ID DIR ...   
-  Run and persist fs changes at DIR\n    plash stack ID DIR             -  Create a new image specyfing its layer\n    plash check ID PATH            -  Invalidate ongoing caches if PATH changed.\n\n  Other Commands:\n    plash recall PLASHCMD *ARGS -  Save returned ID and/or reuse last saved ID\n    plash chroot DIR [CMD ...]  -  Flavored chroot\n    plash clean                 -  Remove internal unsused files\n    plash data                  -  Print application data path\n    plash help                  -  Print help message\n    plash init                  -  Initialize data dir\n    plash map KEY [ID]          -  Map lorem ipsum\n    plash mkdtemp               -  Create tempory data directory\n    plash purge                 -  Remove all application data\n    plash shrink                -  Remove half of all images\n    plash sudo ...              -  Run program as 'userspace root'\n    plash version               -  Print version\n```\n\n\n## Install\n```\ncd $(mktemp -d)\ngit clone git@github.com:ihucos/plash.git .\nmake\nsudo cp dist/plash /usr/local/bin\n```\n\n## Uninstall\n```\nsudo rm /usr/local/bin/plash\n```\n\n## Requirements\n  - `make` and `cc`\n  - Linux Kernel \u003e= 5.11\n  - Optional `newuidmap` and `newgidmap` for setuid/setgid support with non-root users (needed by e.g. `apt`)\n\n## Caveats\n\n- Plash processes have the same operating system access rights as the process\n  that started them. There is no security-relevant isolation feature. Exactly as\n  with running programs \"normally\", don't run programs you do not trust with\n  plash and try to avoid using plash with the root user.\n\n- Plash only runs inside Docker containers started with the `--privileged`\n  flag, see GitHub issue #51 for details. \n  \n## Plash vs Other Container Engines\n\nPlash containers are not necessarily true containers because they do not fully isolate themselves from the host system and do not have additional security measures set in place. 
Instead, they are more like a combination of processes and containers, and can be treated like normal processes (e.g., they can be killed). Plash containers also have access to the home directory of the user who started them. To better understand this concept, refer to the provided diagram. \n\n```\nThreads \u003c Processes \u003c Plash \u003c Containers \u003c Virtualisation \u003c Physical computer\n```\n\nIn general, the more to the left something is on the spectrum, the less flexible it is, but the more integrated it is with the system, allowing it to share existing resources. Plash containers are more constrained than traditional containers, but in exchange, they have access to resources that would typically only be available to processes.\n\n### Resources plash containers share with their caller\n- Network access, including access to the host's localhost\n- The user's home directory (/home is mapped)\n- The /tmp directory (during runtime, not during building)\n- The Linux kernel (as with traditional containers)\n\n### Resources unique to a plash container\n- The mount namespace\n- The root folder, allowing running a different Linux distribution\n\n\nPlash containers are just normal Linux processes that happen to run on a different root filesystem. 
This means that they have their own set of benefits and drawbacks and may be more or less suitable for a particular use case.\n\n## User Interface Guidelines\n- Elegance in minimalism\n- User interface needs break Development Guidelines\n\n## Development Guidelines\n\n- Keep the script character.\n- Don't fall in love with the code, embrace its absence.\n- All dependencies will get unmaintained at some point.\n- Use honest thin wrappers, documented leaky abstractions are better than difficult promises.\n- Don't be a monolith but don't try too hard not to be one.\n- Don't complain or warn via stderr, do it or don't do it.\n- Only be as smart as necessary and keep it simple and stupid (KISS).\n- Still be able to run this in five years without any maintenance work.\n- No baggage, no worries.\n- Define well what this project is and especially what it is not.\n- Say no to features, say yes to solved use cases.\n- Postpone compromises.\n- Ditch everything that turns out too fiddly.\n- Be as vanilla as you can be\n- Be humble, don't oversell your abstraction layer.\n- Sometimes the dirty solution is cleaner than the proper one.\n- Don't differentiate root from non-root users (this is a TODO)\n- Crude is better than complex.\n- Only eat your own dog food if you are hungry.\n- Work towards a timeless, finished product that will require no maintenance.\n- Don't write C just because it looks cool, use the right tool for the right job.\n- Cognitive load for end users does matter after all\n- The right guidelines for the right situation.\n\n\n## FAQ\n\n### Can I contribute?\nPlease! Write me a mail at mail@irae.me, open an issue, do a pull request or ask\nme out for a friendly chat about plash in Berlin.\n\n### Who are you?\nA Django/Python software-developer. Since this is an open source project I hope\nthis software grows organically and collaboratively.\n\n### Why write a containerization software?\nTechnical idealism. I wanted a better technical solution for a problem. 
In my\npersonal opinion Docker is revolutionary but has some shortcomings: awkward\ninterface, reinvention of established software or interfaces, bundling, vendor\nlock-in and overengineering. In a way it kills its idea by trying too hard to\nbuild a huge company on top of it. Plash strives not to be more than a useful\ntool with one task: Building and running containerized processes. Ultimately I\nwanted something I can if necessary maintain by myself.\n\n### Are there plans to commercialise this?\nNo, there aren't. At the same time I don't want to risk disappointing anyone and\nam not making any absolute guarantees.\n\n### What is the Licence?\nplash is licensed under the MIT Licence.\n\n### How does plash compare to Docker?\nDocker is a bloated SUV you have to bring to the car workshop every week, for\nrandom alterations, features and new advertising stickers. Plash is a nice\nfixed gear bike, but the welds are still hot and nobody checked the bolts yet.\n\n### Can I run this in production?\nNo guarantees.\n\n### Is plash secure?\nPlash does not use any daemons or have its own setuid helper binaries. Note\nthat plash does not try to isolate containers (which are just normal\nprocesses). That means that running a program inside plash is not a security\nfeature. Running any container software introduces more entities to trust, that\nis the root file system image with its additional Linux distribution and its\nown package manager. Using a program from alpine edge could be considered less\nsecure than a package from debian stable or vice versa. Also note that keeping\ncontainers updated is more difficult than keeping \"normal\" system software\nupdated. Furthermore note that programs might not be used to running inside\nsemi-isolated containers and could behave oddly. Plash uses unmodified lxc images.\nUsing plash as root should be avoided and should not be necessary for most use\ncases.  
Until now plash was written by one person and of course I could be\nwrong about something. But generally speaking it really should be good enough.\n","funding_links":[],"categories":["Container Operations","C","others","Python"],"sub_categories":["Container Composition"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fihucos%2Fplash","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fihucos%2Fplash","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fihucos%2Fplash/lists"}