Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/tailhook/unshare

The low-level linux containers creation library for rust
https://github.com/tailhook/unshare

containers linux namespaces process supervision unshare

Last synced: 15 days ago
JSON representation

The low-level linux containers creation library for rust

Host: GitHub
URL: https://github.com/tailhook/unshare
Owner: tailhook
License: apache-2.0
Created: 2015-08-15T13:15:40.000Z (about 9 years ago)
Default Branch: master
Last Pushed: 2023-06-13T21:46:50.000Z (over 1 year ago)
Last Synced: 2024-04-16T05:49:23.368Z (7 months ago)
Topics: containers, linux, namespaces, process, supervision, unshare
Language: Rust
Homepage:
Size: 7.02 MB
Stars: 121
Watchers: 7
Forks: 26
Open Issues: 11
Metadata Files:
- Readme: README.md
- License: LICENSE-APACHE

Awesome Lists containing this project

README

        Rust Unshare

============

*Status:* 90% feature-complete, works in production in [lithos][1] and powers [vagga][2]

[Github](https://github.com/tailhook/unshare) |

[Documentaion](http://docs.rs/unshare) |

[Crate](https://crates.io/crates/unshare)

Unshare is a low-level library to create linux containers.

It contains the following:

* Process creation interface similar to `std::process::Command`

* Unsharing arbitrary linux namespaces

* Ability to change root (`chroot/pivot_root`), `uid`, `gid`, `gid_map`

* Some signal mask handling (especially for new processes)

* Forwarding file descriptors and other unixy stuff (sessions, terminals)

* Setting few important prctl flags (`PR_SET_PDEATHSIG`)

* Runs both as root user and as unprivileged user

Not implemeneted yet:

* Fine grained capabilities control (currently you may change user or use

  user namespaces)

The following is considered:

* Capture input (should be, because part of ``std::process`` interface)

* Pseudo tty creation for child

* The `unshare` and `setns`

The following is out of scope:

* mounting file systems

* setting up network

* in-container and out of container supervision

* handing child signals

[1]: http://lithos.readthedocs.org

[2]: http://vagga.readthedocs.org

License

=======

Licensed under either of

 * Apache License, Version 2.0, (./LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)

 * MIT license (./LICENSE-MIT or http://opensource.org/licenses/MIT)

at your option.

Contribution

------------

Unless you explicitly state otherwise, any contribution intentionally

submitted for inclusion in the work by you, as defined in the Apache-2.0

license, shall be dual licensed as above, without any additional terms or

conditions.