rootlesskit icon indicating copy to clipboard operation
rootlesskit copied to clipboard
verified publisher icon rootless-containers

remove dependency on /sbin/ip binary

Open AkihiroSuda opened this issue 6 years ago • 5 comments

AkihiroSuda avatar Jan 08 '19 11:01 AkihiroSuda

@AkihiroSuda Is this still actual?

Zyqsempai avatar Jan 06 '20 10:01 Zyqsempai

yes, we should still do this ideally (but tricky because of nsenter stuff)

AkihiroSuda avatar Jan 06 '20 10:01 AkihiroSuda

@AkihiroSuda What do you think about using those packages: For netlink operations we can use https://godoc.org/github.com/vishvananda/netlink and for nsenter https://godoc.org/github.com/kata-containers/runtime/virtcontainers/pkg/nsenter

By the end we will get something like this

funcToRun := func() error {
	err := netlink.LinkSetUp(tap)
	if err != nil {
		return err
	}

	return nil
}

err = nsenter.NsEnter(nsList, funcToRun)

Zyqsempai avatar Jan 10 '20 10:01 Zyqsempai

You can't nsenter userns in Go.

AkihiroSuda avatar Jan 10 '20 10:01 AkihiroSuda

So, we should have IPC across the parent and the child process to remove nsenter dependency.

AkihiroSuda avatar Jan 10 '20 10:01 AkihiroSuda