rootlesskit
rootlesskit copied to clipboard
rootless-containers
Linux-native "fake root" for implementing rootless containers
We should have a test script to ensure that FDs and Go routines are cleaned up as expected after a heavy workload.
We want to run rootlesskit inside a docker container, to be able to run a docker daemon there (for integreation tests) I know that I can run the container that...
https://github.com/rootless-containers/rootlesskit/blob/925dd4fd77d7a8a1cd18945174d22bbd2a0d9a86/pkg/network/slirp4netns/slirp4netns.go#L169-L171 stderr is printed as expected, but stdout is not. slirp4netns: v1.0.1
https://salsa.debian.org/go-team/packages/rootlesskit/-/blob/74020a391d57ffc8d7154a534c0894d1057947ab/debian/patches/0003-disable-vpnkit.patch https://salsa.debian.org/go-team/packages/rootlesskit/-/blob/74020a391d57ffc8d7154a534c0894d1057947ab/debian/patches/0004-Disable-lxcusernic.patch These kinds of changes should be possible with go build tags like `go build -tags "no_network_vpnkit no_network_lxcusernic"`
It turned out that running `rootlesskit --net=slirp4netns` inside container requires unmasked sysfs, so as to mount sysfs with expected `/sys/class/net` entries. https://github.com/rootless-containers/rootlesskit/pull/23#issuecomment-429336304
The current benchmark suite just measures throughput of `ipef3 -c hostLoopbackIP`. https://github.com/rootless-containers/rootlesskit/blob/9a00d4adebc77511aeaa7abe8fce5a5397f91eb4/hack/test/docker-entrypoint.sh#L14 We should also measure apt-get-ish workloads with real repo servers on the Internet.
* Support specifying `--mac=01:23:45:67:89:AB` * By default, (the lower 24 bits of?) the MAC should be computed from the hash of `--state-dir`?
Bumps [github.com/urfave/cli/v2](https://github.com/urfave/cli) from 2.19.2 to 2.20.2. Release notes Sourced from github.com/urfave/cli/v2's releases. v2.20.2 What's Changed Fix:(issue_1206) Default value shouldnt depend on env variable or val… by @dearchap in urfave/cli#1528 Full...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
We're using Rootless DinD running on EKS worker nodes. We're intermittently getting the following failure: ``` main.main.func2 /tmp/tmp.ccni3BnQLU/pkg/mod/github.com/rootless-containers/[email protected]/cmd/rootlesskit/main.go:213 github.com/urfave/cli/v2.(*App).RunContext /tmp/tmp.ccni3BnQLU/pkg/mod/github.com/urfave/cli/[email protected]/app.go:322 github.com/urfave/cli/v2.(*App).Run /tmp/tmp.ccni3BnQLU/pkg/mod/github.com/urfave/cli/[email protected]/app.go:224 main.main /tmp/tmp.ccni3BnQLU/pkg/mod/github.com/rootless-containers/[email protected]/cmd/rootlesskit/main.go:222 runtime.main /usr/local/go/src/runtime/proc.go:250 runtime.goexit /usr/local/go/src/runtime/asm_amd64.s:1571 time="2022-10-03T21:27:19Z" level=debug...
This PR will add net `bridge` driver support. The driver almost similar with `lxc-user-nic` but without attaching connectivity between host namespace with target namespace. The connectivity need to be configured...
Metadata
Owner
Metadata
Linux-native "fake root" for implementing rootless containers