README
¶
cot
cot is a convenient way to containerize command line applications with Podman or Docker.
The basic concept is to have a wrapper for docker run that creates a virtual environment
that grossly matches the host environment and gives the containerized process access to
the current directory only.
By default, cot will
- run within an ephemeral Podman or Docker container
- run with the same UID/GID as the current user
- have all capabilities dropped
- have access to the current directory
- have access to
$SSH_AUTH_SOCK - have read-only access the
/etc/hostsfile /tmpand$HOMEwill be persisted in the/tmpdirectory of the host
Build dependencies
Fedora
sudo dnf install golang libselinux-devel
Ubuntu
sudo apt install golang libselinux1-dev
Install
From source
Only standard library and golang.org/x is used.
go get github.com/fnkr/cot/cmd/cot
sudo cp "$(go env GOPATH)/bin/cot" /usr/local/bin/
Via Homebrew
brew install fnkr/public/cot
Usage
This example executes npm install within a container but you can use it
with any tool that can run within a Podman/Docker container.
# You propably want to add this to your ~/.bashrc or ~/.zshrc too.
# cot will refuse to run if called from outside of ~/test or ~/example.
export COT_LIMIT=~/test:~/example
# You can call npm with "cot npm" or link npm to cot and call it just "npm".
sudo ln -sn cot /usr/local/bin/npm
# Done! This will run npm in a container.
npm install
A full list of configuration options can be found in ENVIRONMENT.md.
Custom images
By default the ghcr.io/fnkr/cot image is used.
You can use any image you like, I'd recommend to create your own.
You can use a custom image by setting the COT_IMAGE environment variable.
COT_IMAGE=ubuntu cot uname -a
Directories
Click to show internal directories.
Click to hide internal directories.