The Atomic Host platform is now replaced by CoreOS. Users of Atomic Host are encouraged to join the CoreOS community on the Fedora CoreOS communication channels.
The documentation contained below and throughout this site has been retained for historical purposes, but can no longer be guaranteed to be accurate.
I have contributed support for a no-new-privileges option to docker.
This flag has already been included in runc and the Open Container Initiative spec.
The new flag supports, in Docker, a security feature that was added to the Linux kernel back in 2012 under the name no_new_privs.
This post will walk you through the steps to running a runc container using the OCI configuration.
We will walk through two examples. One for running a Fedora container and another for running a Redis container.