{"id":37087946,"url":"https://github.com/rootless-containers/runrootless","last_synced_at":"2026-01-14T10:48:46.742Z","repository":{"id":83616770,"uuid":"116664643","full_name":"rootless-containers/runrootless","owner":"rootless-containers","description":"rootless OCI container runtime with ptrace hacks (No root privileges nor SUID binaries (e.g. newuidmap) are required!)","archived":true,"fork":false,"pushed_at":"2018-04-13T08:20:09.000Z","size":4136,"stargazers_count":119,"open_issues_count":5,"forks_count":11,"subscribers_count":10,"default_branch":"master","last_synced_at":"2024-06-27T00:37:59.833Z","etag":null,"topics":["oci","ptrace","rootless","rootless-containers","runc"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rootless-containers.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-01-08T10:49:55.000Z","updated_at":"2024-03-07T23:00:11.000Z","dependencies_parsed_at":"2023-06-18T06:00:11.259Z","dependency_job_id":null,"html_url":"https://github.com/rootless-containers/runrootless","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/rootless-containers/runrootless","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rootless-containers%2Frunrootless","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rootless-containers%2Frunrootless/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rootless-containers%2Frunrootless/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rootless-containers%2Frunrootless/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rootless-containers","download_url":"https://codeload.github.com/rootless-containers/runrootless/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rootless-containers%2Frunrootless/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28417716,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T10:47:48.104Z","status":"ssl_error","status_checked_at":"2026-01-14T10:46:19.031Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["oci","ptrace","rootless","rootless-containers","runc"],"created_at":"2026-01-14T10:48:46.246Z","updated_at":"2026-01-14T10:48:46.736Z","avatar_url":"https://github.com/rootless-containers.png","language":"Go","readme":"# runROOTLESS: rootless OCI container runtime with ptrace hacks\n\n[![Build Status](https://travis-ci.org/rootless-containers/runrootless.svg)](https://travis-ci.org/rootless-containers/runrootless)\n\n## Quick start (No root privileges nor SUID binaries are required!)\n\n### Install\n\nRequires: Go, runc\n\n```console\nuser$ go get github.com/rootless-containers/runrootless\nuser$ $GOPATH/src/github.com/rootless-containers/runrootless/install-proot.sh\n```\n\nFuture version should install a pre-built PRoot binary automatically on the first run.\n\n### Usage\n\nCreate an example Ubuntu bundle:\n\n```console\nuser$ cd ./examples/ubuntu\nuser$ ./prepare.sh\nuser$ ls -1F\nconfig.json\nprepare.sh\nrootfs/\n```\n\nMake sure the bundle cannot be executed with the regular `runc`:\n\n```console\nuser$ runc run ubuntu\nrootless containers require user namespaces\n```\n\nNote that even with `runc spec --rootless`, you cannot execute `apt`:\n```console\nuser$ rm config.json\nuser$ runc spec --rootless\nuser$ sed -i 's/\"readonly\": true/\"readonly\": false/' config.json\nuser$ runc run ubuntu\n# apt update\nE: setgroups 65534 failed - setgroups (1: Operation not permitted)\nE: setegid 65534 failed - setegid (22: Invalid argument)\nE: seteuid 100 failed - seteuid (22: Invalid argument)\nE: setgroups 0 failed - setgroups (1: Operation not permitted)\nReading package lists... Done\nW: chown to _apt:root of directory /var/lib/apt/lists/partial failed - SetupAPTPartialDirectory (22: Invalid argument)\nE: setgroups 65534 failed - setgroups (1: Operation not permitted)\nE: setegid 65534 failed - setegid (22: Invalid argument)\nE: seteuid 100 failed - seteuid (22: Invalid argument)\nE: setgroups 0 failed - setgroups (1: Operation not permitted)\nE: Method gave invalid 400 URI Failure message: Failed to setgroups - setgroups (1: Operation not permitted)\nE: Method http has died unexpectedly!\nE: Sub-process http returned an error code (112)_\n```\n\nWith `runrootless`, you can execute `apt` successfully:\n\n```console\nuser$ ./prepare.sh\nuser$ runrootless run ubuntu\n# apt update\n# apt install -y cowsay\n# /usr/games/cowsay hello rootless world\n ______________________\n\u003c hello rootless world \u003e\n ----------------------\n        \\   ^__^\n         \\  (oo)\\_______\n            (__)\\       )\\/\\\n                ||----w |\n                ||     ||\n```\n\n### Other examples\n\nCentOS:\n```console\nuser$ cd ./examples/centos\nuser$ ./prepare.sh\nuser$ runrootless run centos\nsh-4.2# yum install -y epel-release\nsh-4.2# yum install -y cowsay\nsh-4.2# cowsay hello rootless world\n```\n\nAlpine Linux:\n```console\nuser$ cd ./examples/alpine\nuser$ ./prepare.sh\nuser$ runrootless run alpine\n/ # apk update\n/ # apk add fortune\n/ # fortune\n```\n\nArbitrary Docker image:\n```console\nuser$ cd ./examples/docker-image\nuser$ ./prepare.sh opensuse\nuser$ runrootless run opensuse\nsh-4.3# zypper install cowsay\nsh-4.3# cowsay hello rootless world\n```\n\nArbitrary container image, using [skopeo](https://github.com/projectatomic/skopeo) and [umoci](https://github.com/openSUSE/umoci).\numoci and runROOTLESS share emulated `chown(2)` information via `user.rootlesscontainers` xattr.\n```console\nuser$ cd ./examples/skopeo-umoci\nuser$ ./prepare.sh docker://ubuntu\nuser$ cd umoci-bundle\nuser$ runrootless run ubuntu\n```\n\nrunROOTLESS can be also executed inside Docker container, but `--privileged` is still required ( https://github.com/opencontainers/runc/issues/1456 )\n\n```console\nhost$ docker run -it --rm --privileged akihirosuda/runrootless\n~ $ id\nuid=1000(user) gid=1000(user)\n~ $ cd ~/examples/ubuntu/\n~/examples/ubuntu $ ./prepare.sh\n~/examples/ubuntu $ runrootless run ubuntu\n#\n```\n\n### Environment variables\n\n- `RUNROOTLESS_SECCOMP=1`: enable seccomp acceleration (unstable)\n\n## How it works\n\n- Transform a regular `config.json` to rootless one, and create a new OCI runtime bundle with it.\n- Bind-mount a static [PRoot](https://github.com/rootless-containers/PRoot) binary so as to allow `apt`/`yum` commands.\n- Inject the PRoot binary to `process.args`.\n- Invoke plain runC.\n\n## Known issues\n\n- `apt` / `dpkg` may crash when seccomp acceleration is enabled: https://github.com/rootless-containers/runrootless/issues/4\n\n## Future work\n\n### OCI Runtime Hook mode\n\nrunROOTLESS could be reimplemented as a OCI Runtime Hook (prestart) that works with an arbitrary OCI Runtime.\nThis work would need adding support for `PTRACE_ATTACH` to PRoot.\nAlso, it would require YAMA to be disabled.\n\n### Reimplement PRoot in Go\n\nThis is hard than I initially thought...\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frootless-containers%2Frunrootless","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frootless-containers%2Frunrootless","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frootless-containers%2Frunrootless/lists"}