Wolfi OS - Secure base layer for containers
Daniel Nashed – 2 April 2025 15:56:50
This project is pretty cool. It's a container-only OS that uses the kernel from the host.
But it has a couple of really interesting design goals.
https://github.com/wolfi-dev/
They build container base images with the minimum number of packages and as "CVE free" as possible.
So their own NGINX container, for example, really only has NGINX and nothing around it -- not even a shell, unless you install a :latest-dev container.
In contrast to Alpine Linux, this project supports glibc-based applications.
So in theory it could also run Domino. When trying it out, the NSD script had issues, but the Domino server itself worked.
The NSD script has some history starting with HP-UX, Solaris and AIX and requires certain Linux command-line tools.
But this container Linux is interesting for many other container-building use cases.
I tested all my C/C++-based code projects, which do not use any Domino code, including applications with OpenSSL code.
There are also ready-to-use containers like NGINX with zero CVEs currently.
Many of the containers are only for paying customers. But the NGINX container and also, for example, the Go container are free.
Some containers have a FIPS version, which isn't free.
Base Image
docker pull cgr.dev/chainguard/wolfi-base
NGINX container
https://images.chainguard.dev/directory/image/nginx/versions
docker pull cgr.dev/chainguard/nginx
Go container
https://images.chainguard.dev/directory/image/go/versions
docker pull cgr.dev/chainguard/go