Building the Next Generation Container OS

Use immutable infrastructure to deploy and scale your containerized applications. Project Atomic builds OSes, tools, and containers for cloud native platforms.

Buildah, a different way to build containers, is now available for testing.

Learn more!


Atomic Host

Atomic Host provides "immutable infrastructure" for deploying to hundreds or thousands of servers in your private or public cloud. Available in Fedora Atomic Host, CentOS Atomic Host, and Red Hat Atomic Host editions depending on your platform and support needs.

To balance the need between long-term stability and new features, we are providing different releases of Atomic Host for you to choose from.

Get Started

Container Registries

You can get your containerized applications from the CentOS Container Pipeline and the Fedora Layered Image Build Service

Trusted container content from the projects you already trust.

Learn more about Fedora Layered Images

Learn more about CentOS Container Pipeline

Community News

Unprivileged containers with bwrap-oci and bubblewrap

The introduction of user namespaces in the Linux kernel has opened the doors to running containers as default user logins via e.g. ssh or desktop. On Fedora, bwrap-oci lets you make use of this feature, as I will demonstrate.

The concept behind user namespaces is quite simple: UIDs and GIDs in a user namespace are converted to a different set in the parent namespace, so that an application thinks it’s executed as root while instead a non-privileged user is running it. User namespaces are not limited to altering an application’s UID/GID mappings, a user can keep capabilities in the new namespace and together with other namespaces perform privileged operations there that are unprivileged in the parent namespace. For example, an application with a new network namespace can create firewall rules that only affect its namespace. This offers extra security since the container is limited to the user that is running it, so even if something goes wrong the process has no more privileges than the user who runs it (unless things go very wrong!).

Read More »

Fedora Atomic 26 Released

Fedora Atomic 26 is now generally available. This contains updated package versions to match all of the content in Fedora Server 26, as well as updates to the container platforms. While we release updates every 2 weeks, this release contains a collection of major improvements including:

  • latest rpm-ostree with improvements in package layering
  • default to Overlay2 filesystem for better container storage
  • Docker version 1.13.1
  • Latest versions of Cockpit and Atomic CLI

We’re all very excited about the steps forward Atomic Host is taking with this major release. We hope you’re just as excited to try them. Read on for information about software, upgrading, and more.

Read More »

» View older news

Ready to try Atomic?

Get Started