MCPcopy Index your code
hub / github.com/genuinetools/binctr

github.com/genuinetools/binctr @main sqlite

repository ↗ · DeepWiki ↗
58 symbols 188 edges 19 files 26 documented · 45%
README

binctr

Build Status Go Report Card GoDoc

Create fully static, including rootfs embedded, binaries that pop you directly into a container. Can be run by an unprivileged user.

Check out the blog post: blog.jessfraz.com/post/getting-towards-real-sandbox-containers.

This is based off a crazy idea from @crosbymichael who first embedded an image in a binary :D

HISTORY: This project used to use a POC fork of libcontainer until @cyphar got rootless containers into upstream! Woohoo! Check out the original thread on the mailing list.

Table of Contents

Checking out this repo

$ git clone git@github.com:genuinetools/binctr.git

Building

You will need libapparmor-dev and libseccomp-dev.

Most importantly you need userns in your kernel (CONFIG_USER_NS=y) or else this won't even work.

# building the alpine example
$ make alpine
Static container created at: ./alpine

# building the busybox example
$ make busybox
Static container created at: ./busybox

# building the cl-k8s example
$ make cl-k8s
Static container created at: ./cl-k8s

Running

$ ./alpine
$ ./busybox
$ ./cl-k8s

Cool things

The binary spawned does NOT need to oversee the container process if you run in detached mode with a PID file. You can have it watched by the user mode systemd so that this binary is really just the launcher :)

Core symbols most depended-on inside this repo

Close
called by 15
container/tty.go
destroy
called by 9
container/runner.go
terminate
called by 4
container/runner.go
Run
called by 4
container/container.go
UnpackRootfs
called by 3
container/rootfs.go
copyIO
called by 3
container/tty.go
run
called by 3
container/runner.go
pullV1
called by 2
container/pull.go

Shape

Function 34
Method 17
Struct 7

Languages

Go100%

Modules by API surface

container/tty.go10 symbols
container/pull.go6 symbols
container/notify_socket.go6 symbols
container/signals.go5 symbols
examples/cl-k8s/main.go4 symbols
container/runner.go4 symbols
container/process.go4 symbols
examples/busybox/main.go3 symbols
examples/alpine/main.go3 symbols
container/spec.go2 symbols
container/rlimit.go2 symbols
container/image.go2 symbols

For agents

$ claude mcp add binctr \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact