rootless-containers
unsure what pre-req's are needed for this to work
So, I think this needs user namespaces enabled to work - which in my situation is thus not "fully rootless" - the user needs to convince the admins that this is reasonable (and thus takes time)
Assuming I'm correct, would it be reasonable to mention this in the README?
I'm also wondering if the fork of PRoot is necessary anymore, or if the changes could be merged upstream? @oxr463 ?
the user needs to convince the admins that this is reasonable (and thus takes time)
Most distros except Arch and Debian enable user namespace by default, so no need to convince the admins
if the changes could be merged upstream?
Yes, and thanks for opening https://github.com/proot-me/proot/pull/204 :+1:
But at least we should get https://github.com/rootless-containers/PRoot/issues/2 fixed, that's why I didn't open PR for upstreaming. The issue isn't so hard to be fixed, but I couldn't find time to work on the issue 😅
One of my target users are HPC systems and non-technical users, so I'm looking to hedge my bets a bit.
small steps :)
I'm not 100% convinced they know what is and isn't - most HPC tool builders seem to me to obfuscate what they're doing :/ My goal is to give choices that range from it works, and we'll learn more, all the way to fully modern usage
the pain points are that users won't talk to the admins until its too late (ie, if it fails, they don't ask for help, they try somewhere else), and the admin's first focus is "nope, you can't use that as it runs as root"
So TBH, i dunno - and IDK if its needed most of the time - but I hope to make a single binary that works most of the time - degrading from full on k8s/swarm down to oh god, i don't have root, and namespaces are off, and i need to run this now to get the report out the door
I would love to see this upstream! I will wait until that issue @AkihiroSuda mentioned is resolved before I merge that PR.
