Skip to content

Flakebi/container-store

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
src
src
 
 
.gitignore
.gitignore
 
 
Cargo.lock
Cargo.lock
 
 
Cargo.toml
Cargo.toml
 
 
LICENSE-APACHE
LICENSE-APACHE
 
 
LICENSE-MIT
LICENSE-MIT
 
 
README.md
README.md
 
 

Repository files navigation

container-store

This is a utility for NixOS. It is easy to run applications in isolation on NixOS. However, when applications use the nix store of the root filesystem, they have access to the whole system configuration.

To limit this access, container-store creates an overlay over /nix/store/ and removes any paths which are not needed. Additionally, the access rights are set to execute only --x, which means applications cannot list the contents.

Usage

By default, container-store creates overlays in /var/lib/container-stores. This can be changed by passing --root <path>.

The arguments are paths pointing into the nix store. These paths and their dependencies will be preserved in the overlay while the rest is deleted. The dependencies are computed by nix-store -qR <paths>.

License

Licensed under either of

at your option.

About

Limit access to the nix store for containers by creating overlay filesystems

Resources

Readme

License

Apache-2.0, MIT licenses found

Licenses found

Apache-2.0
LICENSE-APACHE
MIT
LICENSE-MIT
Activity

Stars

2 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

 
 
 

Contributors

Languages