boxer offers stand-alone Linux containerization with no dependencies.
To compile and install boxer on your system, run
make
make install
To place the binary in your working directory instead, run
PREFIX='.' make install
Please note that both make install
calls require root rights
inorder to make the resulting boxer binary a setuid root.
Passing any command to boxer will execute the command inside a fresh container.
boxer COMMAND...
If no command is given, the login shell of the user will be started inside a container instead.
boxer allows you to setup cgroups via command line flags. Flags with the
prefix cgroup.
followed by the name of a cgroup subsystem and its parameter
cause boxer to activate said cgroup inside the container and pass the option's
value to the cgroup subsystem.
The following call
boxer --cgroup.memory.limit_in_bytes=128m --cgroup.cpu.shares=512
activates the memory and cpu cgroup subsystems inside the container, with the container's memory limit set to 128 MB and the container's cpu shares set to 512.
Similar to the cgroup command line flags, boxer supports setting resource
limits via command line flags prefixed with rlimit.
. To view all
resources limits, run the prlimit
command or read the prlimit(2)
manual
page.
The following call
boxer --rlimit.fsize=1m --rlimit.nproc=4k
sets the maximum file size inside the container to 1 MB and the maximum number of processes that can be created inside the container to 4096.
boxer is released under MIT license. You can find a copy of the MIT License in the LICENSE file.