.\" Generated by scdoc 1.11.3
.\" Complete documentation for this program is not available as a GNU info page
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.nh
.ad l
.\" Begin generated content:
.TH "SYD-OCI" "1" "2025-02-14"
.PP
.SH NAME
.PP
syd-oci - OCI container runtime
.PP
.SH SYNOPSIS
.PP
\fBsyd-oci\fR \fI[OPTIONS]\fR \fI[COMMAND]\fR
.PP
.SH DESCRIPTION
.PP
syd-oci is an OCI container runtime implementation for \fIsyd\fR(1).\&
.PP
All common subcommands are supported: create, start, state, kill, delete,
pause, resume, exec, run, list, ps, spec, events, features, update and
checkpoint.\&
.PP
.SH INTEGRATION
.PP
syd-oci is a thin wrapper around \fIyouki\fR(1) that integrates the
\fIsyd\fR(1) sandbox into containers.\&
It is compatible with \fIdocker\fR(1) and \fIpodman\fR(1).\&
To get syd-oci, you should build \fIsyd\fR(1) with the "oci" feature.\&
To use syd-oci with \fIdocker\fR(1) you have two options: either start
\fIdockerd\fR(8) manually with the option
"--add-runtime=syd-oci=/bin/syd-oci", and do for example
"docker run -it --runtime=syd-oci alpine" when starting containers, or add
the following snippet to your "/etc/docker/daemon.\&json" file:
.PP
.nf
.RS 4
{
  "runtimes": {
    "syd-oci": {
      "path": "/bin/syd-oci"
    }
  },
  "default-runtime": "syd-oci"
}
.fi
.RE
.PP
You may need to adapt the path to syd-oci depending on your installation.\&
Usage with \fIpodman\fR(1) is similar: pass "--runtime=/bin/syd-oci" as an
option to "podman run".\&
.PP
.SH CONFIGURATION
.PP
The configuration directory of syd-oci is one of the following:
.PP
.PD 0
.IP \(bu 4
For system-wide containers: "/etc/syd/oci"
.IP \(bu 4
For rootless containers, one of the following:
.br
- "${XDG_CONFIG_HOME}/syd/oci" where XDG_CONFIG_HOME is usually "~/.\&config".\&
.br
- "${HOME}/.\&syd/oci" if XDG_CONFIG_HOME is not set.\&
.PD
.PP
syd-oci attempts to configure the \fIsyd\fR(1) sandbox in the following
order.\&
It parses the first file or profile it locates and then stops processing:
.PP
.PD 0
.IP \(bu 4
If hostname and domainname are defined for the container, try to load
"${SYD_CONFIG_DIR}/${hostname}.\&${domainname}.\&syd-3".\&
.IP \(bu 4
If domainname is defined for the container, try to load
"${SYD_CONFIG_DIR}/${domainname}.\&syd-3".\&
.IP \(bu 4
If hostname is defined for the container, try to load
"${SYD_CONFIG_DIR}/${hostname}.\&syd-3".\&
.IP \(bu 4
Try to load "${SYD_CONFIG_DIR}/default.\&syd-3".\&
.IP \(bu 4
Load the builtin "oci" profile.\&
This profile is designed to be combined with \fIpandora\fR(1) and learning
mode.\&
See "syd-cat -p oci" for the list of rules.\&
.PD
.PP
SYD_CONFIG_DIR in the items above refers to the configuration directory.\&
Refer to \fIsyd\fR(5) for the syntax of \fIsyd\fR(1) configuration files and
\fIsyd\fR(2) for a list of configuration items \fIsyd\fR(1) understands.\&
A \fIvim\fR(1) syntax highlighting file is also provided to easily edit
\fIsyd\fR(1) configuration files.\&
Use "syd-cat file.\&syd-3" to check a \fIsyd\fR(1) configuration file for
syntax errors.\&
.PP
Finally, note that the "include" directives in the configuration files are
searched within the container image.\&
This allows you to provide additional image-based sandbox configuration.\&
One possible use is to store cryptographic checksums of all executables and
their dependent dynamic libraries in an include file in the image and then
use this with Force Sandboxing for binary verification; see \fIsyd\fR(7) for
more information on Force Sandboxing.\&
.PP
.SH SEE ALSO
.PP
\fIsyd\fR(1), \fIsyd\fR(2), \fIsyd\fR(5), \fIsyd\fR(7), \fIpandora\fR(1),
\fIdocker\fR(1), \fIdockerd\fR(8), \fIpodman\fR(1), \fIyouki\fR(1)
.PP
.PD 0
.IP \(bu 4
\fBsyd\fR homepage: https://sydbox.\&exherbolinux.\&org/
.IP \(bu 4
\fByouki\fR homepage: https://containers.\&github.\&io/youki/
.PD
.PP
.SH AUTHORS
.PP
Maintained by Ali Polatel.\&
Up-to-date sources can be found at
https://gitlab.\&exherbo.\&org/sydbox/sydbox.\&git and bugs/patches can be
submitted to https://gitlab.\&exherbo.\&org/groups/sydbox/-/issues.\&
Discuss in #sydbox on Libera Chat.\&
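.PP
.SH EXAMPLES
.PP
The lookup order from CONFIGURATION, written out as a POSIX shell sketch for auditing which sandbox configuration a container would receive.
This is an added example, not code from syd-oci: the function names are hypothetical, and "locates" is assumed to mean that the path exists as a regular file.
.PP
.nf
```shell
# Added illustration, not syd-oci source code. Function names are hypothetical.
# Assumption: a candidate is "located" when it exists as a regular file.

# syd_oci_config_dir MODE: MODE is "system" or "rootless".
syd_oci_config_dir() {
    if [ "$1" = system ]; then
        echo "/etc/syd/oci"
    elif [ -n "${XDG_CONFIG_HOME:-}" ]; then
        echo "${XDG_CONFIG_HOME}/syd/oci"
    else
        echo "${HOME}/.syd/oci"
    fi
}

# syd_oci_candidates DIR HOSTNAME DOMAINNAME: print candidate files in order.
syd_oci_candidates() {
    dir=$1
    host=$2
    domain=$3
    if [ -n "$host" ] && [ -n "$domain" ]; then
        echo "${dir}/${host}.${domain}.syd-3"
    fi
    if [ -n "$domain" ]; then echo "${dir}/${domain}.syd-3"; fi
    if [ -n "$host" ]; then echo "${dir}/${host}.syd-3"; fi
    echo "${dir}/default.syd-3"
}

# syd_oci_pick DIR HOSTNAME DOMAINNAME: print the first candidate that exists,
# or name the builtin profile when none does.
syd_oci_pick() {
    syd_oci_candidates "$1" "$2" "$3" | {
        hit=""
        while IFS= read -r f; do
            # Only the first match counts; later, less specific files are ignored.
            if [ -z "$hit" ] && [ -f "$f" ]; then hit=$f; fi
        done
        echo "${hit:-builtin profile: oci}"
    }
}
```
.fi
.PP
Call syd_oci_pick with the directory printed by syd_oci_config_dir and the container's hostname and domainname, then check the selected file with "syd-cat".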