Running with Docker (Linux)

You can run the yeet daemon inside a Docker container on a Linux host. Because yeet reads from /proc, uses the BPF filesystem, and needs visibility into host processes, the container requires a few specific flags.

Dockerfile

FROM ubuntu:latest

RUN apt update && apt install -y \
  curl \
  libelf-dev

RUN curl -fsSL https://yeet.cx | sh

WORKDIR /yeet
ADD ./entrypoint.sh .
ENTRYPOINT ["./entrypoint.sh"]

libelf-dev is required for eBPF program loading.

Entrypoint

The entrypoint starts the daemon and handles cleanup on exit:

#!/usr/bin/env bash
set -euo pipefail

goodbye() {
  yeet logout --delete-host
  kill -TERM "$yeetd_pid" 2>/dev/null
}

trap goodbye TERM
trap goodbye INT

setsid /usr/sbin/yeetd &
yeetd_pid="$!"

wait "$yeetd_pid"
exit "$?"

setsid gives the daemon its own session so it isn't killed when the shell exits. The goodbye trap logs out and cleans up the host entry before the container stops.

Running the container

docker run \
  -e YEET_AUTH_KEY=<your-auth-key> \
  -v /proc:/proc \
  -v /sys/fs/bpf:/sys/fs/bpf \
  --pid=host \
  --privileged \
  -it yeet

Flag	Why it's needed
`-e YEET_AUTH_KEY`	Authenticates the daemon without an interactive login.
`-v /proc:/proc`	Gives the daemon access to the host process tree and system stats.
`-v /sys/fs/bpf:/sys/fs/bpf`	Mounts the BPF filesystem, required for eBPF features.
`--pid=host`	Shares the host PID namespace so all processes are visible.
`--privileged`	Required for loading BPF programs.

Authentication

YEET_AUTH_KEY is a non-interactive auth token. You can generate one at yeet.cx/settings.

Dockerfile​

Entrypoint​

Running the container​

Authentication​

Dockerfile

Entrypoint

Running the container

Authentication