{"id":22293593,"url":"https://github.com/xi/d-utils","last_synced_at":"2026-05-03T19:33:36.280Z","repository":{"id":150048210,"uuid":"504905722","full_name":"xi/d-utils","owner":"xi","description":"simple utils to use docker images without docker","archived":false,"fork":false,"pushed_at":"2025-08-09T08:15:05.000Z","size":36,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-08-09T10:09:13.523Z","etag":null,"topics":["bwrap","docker","oci"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/xi.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2022-06-18T17:17:24.000Z","updated_at":"2025-08-09T08:15:08.000Z","dependencies_parsed_at":"2024-01-10T15:25:41.786Z","dependency_job_id":"e36e2a6f-a6a7-4002-a4c6-be551ff86688","html_url":"https://github.com/xi/d-utils","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/xi/d-utils","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xi%2Fd-utils","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xi%2Fd-utils/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xi%2Fd-utils/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xi%2Fd-utils/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/xi","download_url":"https://codeload.github.com/xi/d-utils/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xi%2Fd-utils/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32582761,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-03T06:36:36.687Z","status":"ssl_error","status_checked_at":"2026-05-03T06:36:09.306Z","response_time":103,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bwrap","docker","oci"],"created_at":"2024-12-03T17:29:45.587Z","updated_at":"2026-05-03T19:33:36.267Z","avatar_url":"https://github.com/xi.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# d-utils\n\n`d-utils` is a set of simple utils to use docker images without docker.\n\n-\t`d-pull NAME[:TAG] [DIR]` will download a docker image and save it to `DIR`.\n\tIt is saved as a single `rootfs` folder along with a `config.json`.\n-\t`d-run DIR [CMD]` will execute `CMD` in the container give by `DIR`.\n\n# Config\n\nThis is the full list of values from docker's\n[`config.json`](https://github.com/opencontainers/image-spec/blob/main/config.md)\nthat are actually used by `d-run`:\n\n-\t`User`\n-\t`Hostname`\n-\t`WorkingDir`\n-\t`Env`\n-\t`Volumes`\n-\t`Entrypoint`\n-\t`Cmd`\n\n`d-run` uses the following additional values:\n\n-\t`net` (bool) - enable networking (default: false)\n-\t`rw` (bool) - allow to modify the base image (default: false)\n\nYou are encouraged to modify this file, e.g. to add a volume or change the\ndefault command.\n\nYou can also modify the rootfs, both from a running container (if it uses the\n`rw` option) and from the host system. If you need a new container based on the\nsame image you can just run `d-pull` again. The layers are cached in\n`~/.cache/d-utils/` for 30 days.\n\n# Motivation\n\n\u003e\tThat (Linux) Containers are a userspace fiction is a well-known dictum\n\u003e\tnowadays. […] This is achieved by combining a multitude of Linux kernel\n\u003e features.\n\u003e -- [Christian Brauner](https://people.kernel.org/brauner/the-seccomp-notifier-new-frontiers-in-unprivileged-container-development)\n\nI (think I) can remember when cgroups and namespaces were added to linux. Back\nthen they were announced as low-level features that were not supposed to be\nused directly, but that could enable exciting new high-level tools.\n\nAnd boy did that make waves. Nowadays there are many tools that use these\nlow-level features: systemd uses them to isolate system services, flatpak and\nsnap do something similar for desktop applications, and docker has popularized\nthe idea of \"containers\" that have now spread far beyond docker itself.\n\nMy trouble is: None of these tools feel like they have nailed the \"high level\"\naspect of this. `systemd-analyze security` for example lists 80 (!) different\nsettings. What I expect from a high-level tool is a good mix between\nflexibility and simplicity, and these tools seem to give me neither.\n\nDocker is the worst offender in my opinion. In an attempt to make it easier for\nusers there is a lot of implicit behavior: When I start a container the\nnecessary files are implicitly downloaded and stored somewhere on my machine.\nAnd the container is implicitly started with root permissions. In my opinion\nthis implicit behavior does more harm than good.\n\nAnd even with this behavior, docker is still far from simple to use. There is\nan abundance of subcommands and options that are hard to understand without a\ndeep understanding of both docker and the underlying primitives.\n\nSo let's start from scratch.\n\nAs far as I understand, containerization has two goals: Bundle an application\nwith libraries and configuration so it can run anywhere, and then isolate the\nwhole thing so it cannot mess up the host system.\n\nTo run such a container you would basically just need a chroot. Namespaces can\nthen help to further isolate the container, which is good but not essential.\n`bwrap` (also used in flatpak) provides all of that and actually has good UX,\nso we are up to a promising start.\n\nBut then you also need the container itself. And this is where docker makes a\ncomeback: The ideas of images, containers, layers, volumes as well as\nDockerfiles and an online registry are seriously great and probably a big part\nwhy docker blew up.\n\nSo with this project I tried to combine docker images with bwrap. The guiding\nprinciples are:\n\n-\tSimple is better than complex\n\t-\tLess than 1000 lines of code\n\t-\tCompleteness can be sacrificed in favor of simplicity\n\t\t([worse is better](https://www.jwz.org/doc/worse-is-better.html))\n\t-\tUse established tools for the complicated bits\n\t-\tThe filesystem is stored in a single folder, no layerfs/aufs/overlayfs\n\t-\tLinux only\n-\tExplicit is better than implicit\n\t-\tContainers have a simple folder structure\n\t-\tUsers can identify containers by their (manually chosen) path\n-\tEverything is unprivileged\n\n# Limitations\n\n-\tThis approach will use more disk space because it does not share\n\tlayers/images between containers.\n-\tIt is currently not possible to do any network configuration (e.g. map ports)\n\tother than sharing network or not sharing network.\n-\tSome tools are known to cause issues when not running as root:\n\t-\tdpkg ([workaround](https://github.com/opencontainers/runc/issues/2517#issuecomment-1030859646))\n\n# Similar Projects\n\n-\thttps://github.com/containers/bubblewrap\n-\thttps://github.com/NotGlop/docker-drag\n-\thttps://github.com/twosigma/debootwrap\n-\thttps://github.com/RalfJung/bubblebox\n-\thttps://github.com/89luca89/lilipod\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxi%2Fd-utils","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fxi%2Fd-utils","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxi%2Fd-utils/lists"}