{"id":18497913,"url":"https://github.com/containers/conmon-rs","last_synced_at":"2025-04-05T23:12:26.797Z","repository":{"id":37086894,"uuid":"418701313","full_name":"containers/conmon-rs","owner":"containers","description":"An OCI container runtime monitor written in Rust","archived":false,"fork":false,"pushed_at":"2024-05-01T12:28:37.000Z","size":5864,"stargazers_count":165,"open_issues_count":23,"forks_count":41,"subscribers_count":11,"default_branch":"main","last_synced_at":"2024-05-02T02:26:14.844Z","etag":null,"topics":["containers","kubernetes","rust"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/containers.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-10-18T23:28:11.000Z","updated_at":"2024-05-03T12:42:37.758Z","dependencies_parsed_at":"2023-10-04T13:17:27.301Z","dependency_job_id":"df6d9c04-30d4-4367-89c5-8b177c979601","html_url":"https://github.com/containers/conmon-rs","commit_stats":null,"previous_names":[],"tags_count":10,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/containers%2Fconmon-rs","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/containers%2Fconmon-rs/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/containers%2Fconmon-rs/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/containers%2Fconmon-rs/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/
owners/containers","download_url":"https://codeload.github.com/containers/conmon-rs/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247411239,"owners_count":20934653,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["containers","kubernetes","rust"],"created_at":"2024-11-06T13:36:36.710Z","updated_at":"2025-04-05T23:12:21.788Z","avatar_url":"https://github.com/containers.png","language":"Rust","funding_links":[],"categories":["kubernetes","Rust"],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\u003cimg  height=\"200\" src=\"./.github/logo/conmon-rs.png\"\u003e\u003c/p\u003e\n\n[![ci](https://github.com/containers/conmon-rs/workflows/ci/badge.svg)](https://github.com/containers/conmon-rs/actions)\n[![gh-pages](https://github.com/containers/conmon-rs/workflows/gh-pages/badge.svg)](https://github.com/containers/conmon-rs/actions)\n[![codecov](https://codecov.io/gh/containers/conmon-rs/branch/main/graph/badge.svg)](https://codecov.io/gh/containers/conmon-rs)\n[![dependencies](https://deps.rs/repo/github/containers/conmon-rs/status.svg)](https://deps.rs/repo/github/containers/conmon-rs)\n[![builds](https://img.shields.io/badge/packages-copr-orange.svg)](https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/package/conmon-rs)\n[![docs](https://img.shields.io/badge/docs-main-blue.svg)](https://containers.github.io/conmon-rs/conmonrs/index.html)\n[![go-docs](https://godoc.org/github.com/containers/conmon-rs?status.svg)](https://pkg.go.dev/github.com/containers/conmon-rs/pkg/client)\n\nA pod 
level OCI container runtime monitor.\n\nThe goal of this project is to provide a container monitor in Rust. The scope of conmon-rs encompasses the scope of the C iteration of\n[conmon](https://github.com/containers/conmon), including daemonizing, holding open container standard streams, and writing the exit code.\n\nHowever, the goal of conmon-rs also extends past that of conmon, attempting to become a monitor for a full pod (or a group of containers).\nInstead of a container engine creating a conmon per container (as well as subsequent conmons per container exec), the engine\nwill spawn a conmon-rs instance when a pod is created. That instance will listen over a UNIX domain socket for new requests to\ncreate containers, and exec processes within them.\n\n## Obtain the latest version\n\nWe provide statically linked binaries for every successfully built commit on\n`main` via our [Google Cloud Storage Bucket][bucket]. Our provided [get\nscript](scripts/get) can be used to download the latest version:\n\n```console\n\u003e curl https://raw.githubusercontent.com/containers/conmon-rs/main/scripts/get | bash\n```\n\nIt is also possible to select a specific git SHA or the output binary path by:\n\n```console\n\u003e curl https://raw.githubusercontent.com/containers/conmon-rs/main/scripts/get | \\\n    bash -s -- -t $GIT_SHA -o $OUTPUT_PATH\n```\n\nThe script automatically verifies the created sigstore signatures if the local\nsystem has [`cosign`](https://github.com/sigstore/cosign) available in its\n`$PATH`.\n\n[bucket]: https://console.cloud.google.com/storage/browser/cri-o/conmon-rs\n\nMore information about how to use conmon-rs can be found in the\n[usage documentation](usage.md).\n\nIf you want to create a new conmon-rs release, please refer to the [release\ndocumentation](release.md).\n\n## Architecture\n\nThe whole application consists of two main components:\n\n1. 
The Rust server: [conmon-rs/server](./conmon-rs/server) ([docs](https://containers.github.io/conmon-rs/conmonrs/struct.Server.html))\n1. A golang client: [pkg/client](./pkg/client) ([docs](https://pkg.go.dev/github.com/containers/conmon-rs/pkg/client#ConmonClient))\n\nThe golang client should act as the main interface while it takes care of creating\nthe server instance via the Command Line Interface (CLI) as well as\ncommunicating with the server via [Cap’n Proto](https://capnproto.org). The client\nitself hides the raw Cap’n Proto parts and exposes dedicated golang structures\nto provide a clean API surface.\n\nThe following flow chart explains the client and container creation process:\n\n\u003cp align=\"center\"\u003e\u003cimg src=\".github/img/conmon-rs.png\" height=700 width=auto\u003e\u003c/p\u003e\n\n## Goals\n\n- [x] Single conmon per pod (post MVP/stretch)\n- [x] Keeping RSS under 3-4 MB\n- [x] Support exec without respawning a new conmon\n- [x] API with RPC to make it extensible (should support golang clients)\n- [ ] Act as pid namespace init\n- [ ] Join network namespace to solve running hooks inside the pod context\n- [ ] Use pidfds (it doesn't support getting exit code today, though)\n- [ ] Use io_uring\n- [ ] Plugin support for seccomp notification\n- [ ] Logging rate limiting (double buffer?)\n- [ ] Stats\n- [ ] IPv6 port forwarding\n\n## Future development\n\nIn the future, conmon-rs may:\n\n- Be extended to mirror the functionality for each runtime operation.\n  - Thus reducing the number of exec calls that must happen in the container\n    engine, and reducing the amount of memory it uses.\n- Be in charge of configuring the namespaces for the pod\n  - Taking over functionality that\n    [pinns](https://github.com/cri-o/cri-o/tree/main/pinns) has historically\n    
done.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcontainers%2Fconmon-rs","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcontainers%2Fconmon-rs","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcontainers%2Fconmon-rs/lists"}