github.com/ggreg80/ketos@v0.0.0-20171109040536-049616f51ddb/docs/roadmap.md

github.com/ggreg80/ketos@v0.0.0-20171109040536-049616f51ddb/docs/roadmap.md (about)

     1  Roadmap
     2  ====
     3  
     4  The core:
     5  
     6  * Research how does docker privileged mode work, if it is possible to use chroot without privileged flag in a container?
     7  	* Command chroot does need privileged mode to mount /dev folder, keeping researching command [fakechroot](https://github.com/dex4er/fakechroot) and [proot](https://github.com/proot-me/PRoot).
     8  	* It seems that [droot](https://github.com/yuuki/droot) can chroot to a docker image to execute applications.
     9  	* [cgroup](https://en.wikipedia.org/wiki/Cgroups) + [namespace](https://en.wikipedia.org/wiki/Namespace) -> [LXC](https://en.wikipedia.org/wiki/LXC) -> [libcontainer](https://github.com/opencontainers/runc/tree/master/libcontainer)
    10  	* This [article](http://hansenms.github.io/devops/tips/2016/02/22/chroot-from-docker.html) contains how to tar entire filesystem and chroot into it. Also contains a link to a script to copy some nessary files into chroot root..
    11  	* [Imitate](https://ericchiang.github.io/post/containers-from-scratch/) a docker runtime with chroot
    12  	* Also [fakeroot](http://freecode.com/projects/fakeroot) and [fakeroot-ng](https://fakeroot-ng.lingnu.com/) can pretend we are root user.
    13  
    14  * How to mount docker image to a folder as container's rootfs?
    15  	* See below docker image spec.
    16  
    17  Download base image and publish derived image to registry:
    18  
    19  * How to tar a folder storing docker layers to docker image?
    20  	* There are two version v1 & v2 of docker image format, still no clue why v1 still exists, compares about two is [here](https://www.slideshare.net/Docker/docker-registry-v2).
    21  	* details about [manifest-v2-2](https://docs.docker.com/registry/spec/manifest-v2-2/) and [manifest-v2-1](https://docs.docker.com/registry/spec/manifest-v2-1/)
    22  	* Version 2 manifest file spec is storing [here](https://github.com/docker/distribution/tree/master/docs/spec), with name `manifest-v2-1.md` and `manifest-v2-2.md`. The version 1 spec is [here](https://github.com/moby/moby/tree/master/image/spec).
    23  		* The docker image metadata seems marshal from [code `image.go`](https://github.com/moby/moby/blob/master/image/image.go)
    24  * Push image tar to docker registry.
    25  	* There is a project named [skopeo](https://git.io/vdcw6) can convert between docker image and OCI image, and seems can push to docker registry, see [this issue comment](https://git.io/vdc6g)
    26  		* Project skopeo using library [containers/image](https://github.com/containers/image) to manager registry communication.
    27  		* Project [containers/storage](https://github.com/containers/storage) can manage image layers.
    28  
    29  * Parsing Dockerfile, may accord to:
    30  	* [docker/docker/builder/dockerfile/parser](https://github.com/moby/moby/tree/master/builder/dockerfile/parser)
    31  	* [grammarly/rocker/src/parser](https://github.com/grammarly/rocker/tree/master/src/parser)
    32  	* [jlhawn/dockramp/build/parser](https://github.com/jlhawn/dockramp/tree/master/build/parser)
    33  
    34  * It seems [vx32](github.com/0intro/vx32) is another chroot solution
    35  	* [here](github.com/majek/vx32example) is an example
    36  	* [paper](https://swtch.com/~rsc/papers/vx32-usenix2008.pdf) and [some talks](https://news.ycombinator.com/item?id=12620205)