「 In a moment the bright moon rises over the water, and ten thousand acres of the river lie cold as lapis glass 」
For production, I strongly recommend tools like crun, youki, containerd, docker, podman, LXC, or bubblewrap; they are more secure and stable. This is a non-OCI tool, and you use it at your own risk when you really need it. The whole project is experimental!
* Your warranty is void.
* I am not responsible for anything that may happen to your device by using this program.
* You do it at your own risk and take the responsibility upon yourself.
* This project is open source; you can make your own fork or rewrite, but do not blame the author.
* This program has no Super Cow Powers.
If you think something does not work as expected, please open a new issue.
See Asking LLM for how to ask LLM about ruri.
Was a toy, to be a tool.
ruri is pronounced as luli, or you can call it [瑠璃/琉璃] (るり) in Chinese or Japanese as well.
ruri is an acronym for Lightweight, User-friendly Linux-container Implementation.
ruri is a powerful container implementation that runs on almost any Linux device, even with incomplete kernel configurations or minimal storage space.
rurima was planned to be the ruri manager, but since it now has a full integration of ruri, you can use it as an enhanced version of ruri. Note that rurima is still WIP.
- Powerful Features
  - Supports chroot, unshare with pivot_root, capability control, cgroups, no_new_privs, environment/user/workdir setup, seccomp, and more.
  - Built-in binfmt_misc & QEMU for easy multi-arch containers.
  - Rootless mode (requires user namespaces).
  - Flexible mount options: mount images/partitions, set mountpoints as read-only or rw.
  - Config file support.
- Ultra-lightweight & Zero Dependencies
  - Only optional uidmap needed for rootless mode; all other features are built-in.
  - Statically linked binaries for many architectures.
  - Very small binary size (even <200k with upx), yet over 30 options.
- Flexible & Cross-platform
  - Runs on rooted Android, IoT, amd64, s390x, and more, just needs root.
- Secure by Design
  - Rootless containers, security options, and read-only filesystem support.
- Simple for Beginners
  - Can replace chroot directly; easy to use without learning every option.
You can get the ruri binary (statically linked) for arm64, armv7, armhf, riscv64, i386, loong64, s390x, ppc64le and x86_64 devices in Release. Or you can run the following command to download ruri automatically:
. <(curl -sL https://get.ruri.zip/ruri)
This will automatically download the ruri binary to ./ruri.
See USAGE to explore all features of ruri.
See Enhance Container Security.
ruri provides statically linked binaries, but if you want to build it yourself, see Build.
ruri is ready to integrate into other projects. Under the MIT License, it can be redistributed alongside almost any license, including in commercial or closed-source products. One example is ruri's own build action, which runs containers for 9 different architectures to build itself and shows its broad application prospects. Another example is rurima: I made ruri built in, so it can be run as a subcommand. See Integration for a guide to integrating ruri into your projects.
After initializing the container, ruri creates the file /.rurienv by default. This file keeps the container config consistent, but it also overrides some of the command-line args; you can use --no-rurienv to disable it, or see rurienv.md for its behavior.
You may not be able to remove this file unless you run chattr -i .rurienv, but don't worry: after unmounting the container with ruri -U, this config file is removed automatically.
If you want to change the container config, just use -U to umount it and re-run the container.
. <(curl -sL https://get.ruri.zip/rurima)
./rurima lxc pull -o alpine -v edge -s /tmp/alpine
sudo ruri /tmp/alpine
In container:
rm test/etc/resolv.conf
echo nameserver 1.1.1.1|tee test/etc/resolv.conf
sudo ruri -u /tmp/alpine
Very simple as you can see.
For command line examples, please see ruri -H.
# Run chroot container
sudo ruri /tmp/alpine
# Very simple as you can see.
# About the capabilities
# Run privileged chroot container
sudo ruri -p /tmp/alpine
# If you want to run privileged chroot container,
# but you don't want to give the container cap_sys_chroot privileges
sudo ruri -p -d cap_sys_chroot /tmp/alpine
# If you want to run chroot container with common privileges,
# but you want cap_sys_admin to be kept
sudo ruri -k cap_sys_admin /tmp/alpine
# About unshare
# Unshare container's capability options are same with chroot.
# Run unshare container
sudo ruri -u /tmp/alpine
# Finally, umount the container
sudo ruri -U /tmp/alpine
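To confirm from inside a container that `-d` and `-k` took effect, this added example (not part of ruri or its documentation) decodes the CapEff and CapBnd masks and the NoNewPrivs flag from `/proc/<pid>/status`. The function names are hypothetical, the sample status text is constructed, and the bit numbers are those defined in linux/capability.h.

```shell
#!/bin/sh
# Added example, not part of ruri: inspect capability state from the text of
# /proc/<pid>/status. Bit numbers are those defined in linux/capability.h.

# cap_bit NAME -> print the bit number, or return 1 for a name not listed here
cap_bit() {
    case "$1" in
        cap_net_admin)  echo 12 ;;
        cap_sys_module) echo 16 ;;
        cap_sys_chroot) echo 18 ;;
        cap_sys_ptrace) echo 19 ;;
        cap_sys_admin)  echo 21 ;;
        *) return 1 ;;
    esac
}

# status_field STATUS_TEXT FIELD -> print the value of e.g. CapEff or NoNewPrivs
status_field() {
    printf '%s\n' "$1" | awk -v f="$2:" '$1 == f { print $2 }'
}

# has_cap HEXMASK NAME -> 0 if the bit is set, 1 if clear, 2 if NAME is unknown
has_cap() {
    bit=$(cap_bit "$2") || return 2
    [ $(( (0x$1 >> bit) & 1 )) -eq 1 ]
}

# report STATUS_TEXT NAME... -> one line per capability, then no_new_privs
report() {
    st=$1; shift
    eff=$(status_field "$st" CapEff)
    bnd=$(status_field "$st" CapBnd)
    for c in "$@"; do
        e=dropped; b=dropped
        if has_cap "$eff" "$c"; then e=held; fi
        if has_cap "$bnd" "$c"; then b=held; fi
        echo "$c effective=$e bounding=$b"
    done
    echo "no_new_privs=$(status_field "$st" NoNewPrivs)"
}

# Constructed sample: every bit from 0 to 40 set except cap_sys_chroot (bit 18).
# Inside a real container: report "$(cat /proc/self/status)" cap_sys_chroot
SAMPLE_STATUS='Name: sh
CapEff: 000001fffffbffff
CapBnd: 000001fffffbffff
NoNewPrivs: 1'

report "$SAMPLE_STATUS" cap_sys_chroot cap_sys_admin
```

A capability that still shows as held in CapBnd can be regained by a process that executes a file carrying file capabilities, so check both masks rather than CapEff alone.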
On AMD Ryzen 5 5500U, Windows 11, Ubuntu 22.04.5 WSL 2
# uname -m
x86_64
# /usr/bin/time -f "Time: %E\nMax memory: %M KB" ./ruri ../t /bin/true
Time: 0:00.01
Max memory: 860 KB
| | ruri | crun | % |
|---|---|---|---|
| (noupx) | 454K | 3.0M | -84.9% |
| (withupx) | 147K | 1.3M | -88.7% |
Alphabet | ruri used | % |
---|---|---|
52 | 44 | 85% |
License of code
- Licensed under the MIT License
- Copyright (c) 2022-2025 Moe-hacker
License of clang-format config file
- GPL-2.0
「 Flowers in full bloom, beautiful,
knowing they are fated to scatter,
the color of a fleeting moment 」
(>_×)