runrootless issues

unsure what pre-req's are needed for this to work

5

So, I _think_ this needs user namespaces enabled to work - which in my situation is thus not "fully rootless" - the user needs to convince the admins that this...

SvenDowideit

RFC: consider renaming the project (runROOTLESS -> runFULLYROOTLESS?)

3

The current project name runROOTLESS is confusing because the upstream runc supports rootless as well but in a different way. RFC cc @cyphar

AkihiroSuda

memo: benchmark

1

image | command | regular runc (root) [(config)](https://gist.github.com/AkihiroSuda/439b8ff32fe4d2dea7d00499f583eeb2) | runrootless | runrootless+seccomp -- | -- | -- | -- | -- docker gentoo/stage3-amd64 | `emerge --sync` | 52s | 1m43s...

AkihiroSuda

memo

Support `runc exec`

Currently, `runc exec` is not hooked. Ideally we should use a single proot instance, but injecting another instance should be ok now

AkihiroSuda

enhancement

modify an OCI bundle rather than a whole new wrapper script

https://github.com/projectatomic/buildah/issues/386#issuecomment-356171230 @cyphar: > @AkihiroSuda Have you considered making runrootless a tool that will modify an OCI bundle rather than a whole new wrapper script? In principle you would only need...

AkihiroSuda

enhancement

runrootless
runrootless copied to clipboard

Metadata

unsure what pre-req's are needed for this to work

RFC: consider renaming the project (runROOTLESS -> runFULLYROOTLESS?)

memo: benchmark

Support `runc exec`

modify an OCI bundle rather than a whole new wrapper script

← Metadata

Owner

Metadata

runrootless runrootless copied to clipboard

Metadata

unsure what pre-req's are needed for this to work

RFC: consider renaming the project (runROOTLESS -> runFULLYROOTLESS?)

memo: benchmark

Support `runc exec`

modify an OCI bundle rather than a whole new wrapper script

← Metadata

Owner

Metadata

runrootless
runrootless copied to clipboard