rkt is a pod-native container engine for Linux. It is composable, secure, and built on standards.
Go Makefile Shell M4 C Protocol Buffer
Latest commit 838818d Jan 23, 2017 @lucab lucab committed on GitHub Merge pull request #3552 from ElijahCaine/insecure_docs
docs: better explanation for insecure-options
Failed to load latest commit information.
.github issue template: Add '\n' to the end of environment output Jul 30, 2016
Documentation Merge pull request #3552 from ElijahCaine/insecure_docs Jan 23, 2017
api/v1alpha rkt: Change exit codes to 254 Oct 14, 2016
common stage1: fix incorrect splitting function Jan 18, 2017
dist setup-data-dir.sh: try to apply directives from rkt.conf first Nov 2, 2016
lib pkg/pod add IsFinished, rename AfterRun -> IsAfterRun Dec 14, 2016
logos logos: update logos Mar 31, 2015
makelib makelib: add a git describe step Nov 28, 2016
networking gc: make sure CNI_PATH is same for gc and init Nov 9, 2016
pkg pkg: add filepath.EvalSymlinksAlways Jan 17, 2017
rkt image gc: don't remove images that currently running pods were made from Jan 19, 2017
scripts version: bump to v1.23.0 Jan 19, 2017
stage0 sandbox/app-add: fix mount targets with absolute symlink targets Jan 17, 2017
stage1 stage1/init/common/tests: disable TestAppToNspawnArgs* Jan 17, 2017
stage1_fly Merge pull request #3523 from lucab/to-upstream/fly-pgid Jan 11, 2017
store tests: use appc schema instead of string templates Jan 12, 2017
tests version: bump to v1.23.0+git Jan 19, 2017
tools build: Stop printing irrelevant invalidation messages Aug 10, 2016
vendor Bump appc/docker2aci library version to 0.15.0 Jan 16, 2017
version build: include git shortcommit in devel versions Aug 6, 2015
.gitignore tests: update AWS CI setup Dec 21, 2016
.travis.yml travis: bump to go 1.5.4 and go 1.6.3 Aug 18, 2016
CHANGELOG.md version: bump to v1.23.0 Jan 19, 2017
CONTRIBUTING.md Docs: Mention style guide in CONTRIBUTING.md Oct 4, 2016
DCO chore(contributing): clean up CONTRIBUTING.md and split out DCO Apr 4, 2014
LICENSE *: split apart LICENSE information Feb 22, 2016
MAINTAINERS MAINTAINERS: remove @jellonek Oct 24, 2016
Makefile.in build: add --with-stage1-systemd-revision option for src build Nov 17, 2016
README.md README: remove unnecessary API service reference Jan 2, 2017
ROADMAP.md version: bump to v1.23.0 Jan 19, 2017
Vagrantfile Documentation/vagrant: use rkt binary for getting started Jun 21, 2016
autogen.sh build: more fixes for autogen.sh script Sep 8, 2015
config.guess build: Rework to use nonrecursive makefile. Jul 10, 2015
config.sub build: Rework to use nonrecursive makefile. Jul 10, 2015
configure.ac version: bump to v1.23.0+git Jan 19, 2017
gimme.local travis: Add gimme.local Jun 27, 2016
glide.lock Bump appc/docker2aci library version to 0.15.0 Jan 16, 2017
glide.yaml Bump appc/docker2aci library version to 0.15.0 Jan 16, 2017
install-sh stage0,stage1: autoconf-based build Jul 10, 2015


rkt - the pod-native container engine

godoc Build Status (Travis) Build Status (SemaphoreCI) Build Status (Jenkins)

rkt Logo

rkt (pronounced "rock-it") is a CLI for running application containers on Linux. rkt is designed to be secure, composable, and standards-based.

Some of rkt's key features and goals include:

Project status

The rkt v1.x series provides command line user interface and on-disk data structures stability for external development. Any major changes to those primary areas will be clearly communicated, and a formal deprecation process conducted for any retired features.

Check out the roadmap for more details on the future of rkt.

Trying out rkt

To get started quickly using rkt for the first time, start with the "trying out rkt" document. Also check rkt support on your Linux distribution. For an end-to-end example of building an application from scratch and running it with rkt, check out the getting started guide.

Getting help with rkt

There are a number of different avenues for seeking help and communicating with the rkt community:

  • For bugs and feature requests (including documentation!), file an issue
  • For general discussion about both using and developing rkt, join the rkt-dev mailing list
  • For real-time discussion, join us on IRC: #rkt-dev on freenode.org
  • For more details on rkt development plans, check out the GitHub milestones

Most discussion about rkt development happens on GitHub via issues and pull requests. The rkt developers also host a semi-regular community sync meeting open to the public. This sync usually features demos, updates on the roadmap, and time for anyone from the community to ask questions of the developers or share users stories with others. For more details, including how to join and recordings of previous syncs, see the sync doc on Google Docs.

Contributing to rkt

rkt is an open source project and contributions are gladly welcomed! See the Hacking Guide for more information on how to build and work on rkt. See CONTRIBUTING for details on submitting patches and the contribution workflow.


Unless otherwise noted, all code in the rkt repository is licensed under the Apache 2.0 license. Some portions of the codebase are derived from other projects under different licenses; the appropriate information can be found in the header of those source files, as applicable.

Security disclosure

If you suspect you have found a security vulnerability in rkt, please do not file a GitHub issue, but instead email security@coreos.com with the full details, including steps to reproduce the issue. CoreOS is currently the primary sponsor of rkt development, and all reports are thoroughly investigated by CoreOS engineers. For more information, see the CoreOS security disclosure page.

Known issues

Due to limitations in the Linux kernel, using rkt's overlay support on top of an overlay filesystem requires the upperdir and workdir to support the creation of trusted.* extended attributes and valid d_type in readdir responses (see kernel/Documentation/filesystems/overlayfs.txt). When starting rkt inside rkt this means that either:

  • the inner /var/lib/rkt directory needs to be mounted on a host volume.
  • the outer or inner rkt container needs to be started using --no-overlay.

Due to a bug in the Linux kernel, using rkt when /var/lib/rkt is on btrfs requires Linux 4.5.2+ (#2175).

Due to a bug in the Linux kernel, using rkt's overlay support in conjunction with SELinux requires a set of patches that are only currently available on some Linux distributions (for example, CoreOS Linux). Work is ongoing to merge this work into the mainline Linux kernel (#1727).

Linux 3.18+ is required to successfully garbage collect rkt pods when system services such as udevd are in a slave mount namespace (see lazy umounts on unlinked files and directories and #1922).