A toolkit for building secure, portable and lean operating systems for containers
LinuxKit, a toolkit for building custom minimal, immutable Linux distributions.
LinuxKit currently supports the
s390xarchitectures on a variety of platforms, both as virtual machines and baremetal (see below for details).
projects/kubernetesin this repository).
golibrary and test utilities for
virtioand Hyper-V sockets.
LinuxKit uses the
linuxkittool for building, pushing and running VM images.
Simple build instructions: use
maketo build. This will build the tool in
bin/. Add this to your
PATHor copy it to somewhere in your
sudo cp bin/* /usr/local/bin/. Or you can use
sudo make install.
If you already have
goinstalled you can use
go install github.com/linuxkit/linuxkit/src/cmd/[email protected]to install the
On MacOS there is a
brew tapavailable. Detailed instructions are at linuxkit/homebrew-linuxkit, the short summary is
brew tap linuxkit/linuxkit brew install --HEAD linuxkit
Build requirements from source using a container - GNU
make- Docker - optionally
For a local build using
go get -u golang.org/x/lint/golint-
go get -u github.com/gordonklaus/ineffassign
Once you have built the tool, use
linuxkit build linuxkit.yml
to build the example configuration. You can also specify different output formats, eg
linuxkit build -format raw-bios linuxkit.ymlto output a raw BIOS bootable disk image, or
linuxkit build -format iso-efi linuxkit.ymlto output an EFI bootable ISO image. See
linuxkit build -helpfor more information.
You can use
linuxkit run .to execute the image you created with
linuxkit build .yml. This will use a suitable backend for your platform or you can choose one, for example VMWare. See
linuxkit run --help.
Currently supported platforms are: - Local hypervisors - HyperKit (macOS)
[x86_64]- Hyper-V (Windows)
[x86_64]- qemu (macOS, Linux, Windows)
[x86_64, arm64, s390x]- VMware (macOS, Windows)
[x86_64]- Cloud based platforms: - Amazon Web Services
[x86_64]- Google Cloud
[x86_64]- Microsoft Azure
[x86_64]- Baremetal: - packet.net
[x86_64, arm64]- Raspberry Pi Model 3b
make bin/rtf && make install. You will also need to install
expecton your system as some tests use it.
To run the test suite:
cd test rtf -v run -x
This will run the tests and put the results in a the
Run control is handled using labels and with pattern matching. To run add a label you may use:
rtf -v -l slow run -x
To run tests that match the pattern
linuxkit.examplesyou would use the following command:
rtf -v run -x linuxkit.examples
file.ymlor use one of the examples and then run
linuxkit build file.ymlto generate its specified output. You can run the output with
linuxkit run file.
The yaml file specifies a kernel and base init system, a set of containers that are built into the generated image and started at boot time. You can specify the type of artifact to build eg
linuxkit build -format vhd linuxkit.yml.
If you want to build your own packages, see this document.
The yaml format specifies the image to be built:
kernelspecifies a kernel Docker image, containing a kernel and a filesystem tarball, eg containing modules. The example kernels are built from
initis the base
initprocess Docker image, which is unpacked as the base system, containing
runcand a few tools. Built from
onbootare the system containers, executed sequentially in order. They should terminate quickly when done.
servicesis the system services, which normally run for the whole time the system is up
filesare additional files to add to the image
For a more detailed overview of the options see yaml documentation
There is an overview of the architecture covering how the system works.
There is an overview of the security considerations and direction covering the security design of the system.
This project was extensively reworked from the code we are shipping in Docker Editions, and the result is not yet production quality. The plan is to return to production quality during Q3 2017, and rebase the Docker Editions on this open source project during this quarter. We plan to start making stable releases on this timescale.
This is an open project without fixed judgements, open to the community to set the direction. The guiding principles are: - Security informs design - Infrastructure as code: immutable, manageable with code - Sensible, secure, and well-tested defaults - An open, pluggable platform for diverse use cases - Easy to use and participate in the project - Built with containers, for portability and reproducibility - Run with system containers, for isolation and extensibility - A base for robust products
There are monthly development reports summarising the work carried out each month.
We maintain an incomplete list of adopters. Please open a PR if you are using LinuxKit in production or in your project, or both.
Released under the Apache 2.0 license.