Project Atomic is now sunset

The Atomic Host platform is now replaced by CoreOS. Users of Atomic Host are encouraged to join the CoreOS community on the Fedora CoreOS communication channels.

The documentation contained below and throughout this site has been retained for historical purposes, but can no longer be guaranteed to be accurate.

Project News

Practical SELinux and Containers

by Dan Walsh

I believe SELinux is the best security measure we currently have for controlling access between standard Docker containers. Of course, I might be biased.

All of the security separation measures are nice, and should be enabled for security in depth, but SELinux policy prevents a lot of break out situations where the other security mechanisms fail. With SELinux on Docker, we write policy that says that the container process running as svirt_lxc_net_t can only read/write svirt_sandbox_file_t by default (there are some booleans to allow it to write to network shared storage, if required, like for NFS). This means that if a process from a Docker container broke out of the container, it would only be able to write to files/directories labeled svirt_sandbox_file_t. We take advantage of Multi-Category Security (MCS) separation to ensure that the processes running in the container can only write to svirt_sandbox_file_t files with the same MCS Label: s0.

Read More »

vagrant-service-manager Plugin Version 0.0.3 Released

by Brian (bex) Exelbierd

Version 0.0.3 of the vagrant-service-manager plugin has been released by Project Atomic.

The vagrant-service-manager plugin works in conjunction with the Atomic Developer Bundle (ADB) to provide a Linux container development environment. The plugin is used to display the configuration information of services present in ADB. This plugin replaces the previously released vagrant-adbinfo plugin.

The plugin displays the configuration details for the Docker and other container-related services running inside of the ADB. This information can be used by a CLI client, such as docker or oc, or by an IDE, such as Eclipse, to interact with the ADB.

Read More »

New CentOS Atomic Host Images Available for Download

by Jason Brooks

The CentOS Atomic SIG has released new images and an updated filesystem tree for CentOS Atomic Host. This includes a patched glibc and a refreshed set of Kubernetes packages, among other updates. All users running CentOS Atomic Host in production should update as soon as possible.

An updated version of CentOS Atomic Host (version 7.20160224) is now available for download. CentOS Atomic Host is a lean operating system designed to run Docker containers, built from standard CentOS 7 RPMs, and tracking the component versions included in Red Hat Enterprise Linux Atomic Host.

Read More »

Project Atomic in GSOC 2016

by Josh Berkus

Project Atomic will be participating in Google Summer of Code for the first time this year. So if you are a student, consider spending your summer (or winter in the Southern hemisphere) hacking on container technology. If you know a student, encourage them to apply.

We are participating as part of Fedora, so specifically we’re looking for work on any or all of the projects which are part of Fedora Atomic Host. We have a list of ideas on our GSOC Page, and more detail on the Fedora GSOC Ideas wiki page. But, of course, you may have even better ideas for an interesting project!

Read More »