Fork me on GitHub

These docs are deprecated while they are being migrated to Red Hat. For the most up to date docs, please see the corresponding GitHub repository.

Running Containers with rkt

rkt Commands

Configuration

Guiding Principles

Hacking on rkt

rkt Design Proposals

rkt and the Trusted Platform Module

rkt supports measuring container state and configuration into the Trusted Platform Module (TPM) event log. Enable this functionality by building rkt with the --enable-tpm=yes option to ./configure. rkt accesses the TPM via the tpmd executable available from the go-tspi project. This tpmd is expected to listen on port 12041.

Events are logged to PCR 15, with event type 0x1000. Each event contains the following data:

The hash of the container root filesystem
The hash of the contents of the container manifest data
The hash of the arguments passed to stage1

This provides a cryptographically verifiable audit log of the containers executed on a node, including the configuration of each.