unshare_petbox
| Crates.io | unshare_petbox |
| lib.rs | unshare_petbox |
| version | 0.7.1 |
| source | src |
| created_at | 2023-07-11 05:45:24.697193 |
| updated_at | 2023-07-11 05:45:24.697193 |
| description | The low-level interface for linux namespaces (containers), for using with petbox |
| homepage | https://github.com/ImBearChild/petbox |
| repository | |
| max_upload_size | |
| id | 913514 |
| size | 103,406 |
Yao NianQing (ImBearChild)
documentation
https://docs.rs/unshare-petbox
README
Rust Unshare
This is a bundled version of unshare.
Unshare is a low-level library to create linux containers.
It contains the following:
- Process creation interface similar to
std::process::Command - Unsharing arbitrary linux namespaces
- Ability to change root (
chroot/pivot_root),uid,gid,gid_map - Some signal mask handling (especially for new processes)
- Forwarding file descriptors and other unixy stuff (sessions, terminals)
- Setting few important prctl flags (
PR_SET_PDEATHSIG) - Runs both as root user and as unprivileged user
Not implemeneted yet:
- Fine grained capabilities control (currently you may change user or use user namespaces)
The following is considered:
- Capture input (should be, because part of
std::processinterface) - Pseudo tty creation for child
- The
unshareandsetns
The following is out of scope:
- mounting file systems
- setting up network
- in-container and out of container supervision
- handing child signals