rootlesskit
rootlesskit copied to clipboard
rootless-containers
Linux-native "fake root" for implementing rootless containers
Bumps [github.com/urfave/cli/v2](https://github.com/urfave/cli) from 2.27.4 to 2.27.5. Release notes Sourced from github.com/urfave/cli/v2's releases. v2.27.5 What's Changed docs(flag): add UseShortOptionHandling description by @BlackHole1 in urfave/cli#1956 [Backport] Fix: Use $0 env var to...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.25.0 to 0.26.0. Commits 23b0dab unix: mark vgetrandom as non-escaping cbf0eb6 unix: fix grep syntax to work on non-GNU greps e7397b9 unix: update to Linux 6.11 981de40...
Silence a govulncheck false alarm (not exploitable as portmap plugin is not imported as a library in RootlessKit) ```console $ govulncheck ./... === Symbol Results === Vulnerability #1: GO-2025-4222 CNA...
Currently, using the `gvisor-tap-vsock` port driver adds a userspace TCP proxy, which reduces throughput from `~6.5 Gbit/s` to `~4.0 Gbit/s` due to extra copies and wakeups. It seems possible to...
Port forwarding fails under high concurrency load. Using ApacheBench with high concurrency causes the container to stop accepting connections. Steps to reproduce: - Start a rootless container with NGINX exposed...
Hi, it is unclear to me why the reaper requires a pidns to function. It seems like it would be possible to still reap child processes via waitpid? Unless I...
- `--net=auto`: pick up `gvisor-tap-vsock` if it is compiled in (and after it graduates from experimental) - `--net=auto --ipv6`: pick up `slirp4netns` ? `pasta`?
Rootlesskit assigns ipv4 address and routes for ipv4, but not for ipv6, this PR address IPv6 issue. Some tools like slirp4netns could assign ip address, routes, but rootlesskit doesn't request...
Would the rootlesskit project consider checking in vendored go dependencies using https://go.dev/ref/mod#vendoring? If so would you accept a PR to add this?
Metadata
Owner
Metadata
Linux-native "fake root" for implementing rootless containers