Add composefs-run a minimal crun based container starter #308
alexlarsson wants to merge 1 commit into
Conversation
This is an experiment to see how a composefs native podman run would look. It's around 700 lines, and depends only on crun. It supports a pretty small subset of the "podman run" options, but the ones it has actually cover a great part of the things in wide use. All containers are stateless on the host. There is no database of running containers, etc. All the state for the container is in a tmpfs that is mounted in a namespace and freed automatically on container exit. By default the writable layer of the container is in the tmpfs as well, but you can pass separate --overlayfs-upperdir/workdir options to store the state somewhere.

Assisted-by: Claude Code (Opus 4.6)
Signed-off-by: Alexander Larsson <alexl@redhat.com>
c36c52a to c273b4a
```rust
    .context("Making / recursively private")?;

// Attach the bundle tmpfs and composefs rootfs mount
let bundle_dir = "/run/composefs-run";
```
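Review bot: `bundle_dir` is a fixed host path shared by every invocation; because `/` is made recursively private just above and the tmpfs is mounted over that path inside the new mount namespace, concurrent instances will not see each other's bundles, but the directory still has to exist on the host before the mount. Either document that requirement or create it (restrictive mode) before mounting, and a short comment noting that the path only serves as a mount point would explain why hardcoding it is acceptable here.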
I don't think this hardcoded path is a good idea.
When I looked at the OCI runtime spec...I wondered why the heck it isn't supported to pass a file descriptor for the rootfs mount in a clear way.
Anyways surely at least it's work-aroundable via passing a /proc/self/fd/N?
I tried to avoid it using /proc/self/fd/N but it didn't work for pivot root in crun. But, we could really use any pre-existing directory for this really.
```rust
};

// crun create: set up the container but don't start it yet
let status = Command::new("crun")
```
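Review bot: `Command::new("crun")` resolves the runtime by PATH lookup under a fixed name; since this tool runs with enough privilege to mount filesystems, take the runtime binary as an explicit setting (for example a `--runtime` option defaulting to `crun`) so the executable used is deliberate and an alternate OCI runtime can be substituted without code changes.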
Presumably this could also use https://github.com/youki-dev/youki - probably worth having minimal support for configuring it
```rust
    repo: &Repository<ObjectID>,
    image: &str,
) -> Result<(ObjectID, composefs_oci::OpenConfig<ObjectID>)> {
    let img = if let Some(digest_str) = image.strip_prefix('@') {
```
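Review bot: the `@` prefix convention for selecting an image by digest is not self-explanatory at the call site; add a doc comment on this function listing the accepted forms of `image`, and make sure `digest_str` is validated as a well-formed object ID before it is used for the repository lookup rather than being passed through as free text.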
I think it'd make total sense to have a separate

@cgwalters composefs-examples sounds like a good idea to me.
This is an experiment to see how a composefs native podman run would look. It's around 700 lines, and depends only on crun. It supports a pretty small subset of the "podman run" options, but the ones it has actually cover a great part of the things in wide use.

All containers are stateless on the host. There is no database of running containers, etc. All the state for the container is in a tmpfs that is mounted in a namespace and freed automatically on container exit. By default the writable layer of the container is in the tmpfs as well, but you can pass separate --overlayfs-upperdir/workdir options to store the state somewhere.

Note: I'm not sure this is something we want, and if we do, if this is the right place for it (in a separate binary). I'm just putting this out as an idea.
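As an added illustration of the design described above (not code from this PR or from composefs-rs): a new mount namespace with `/` made recursively private and a tmpfs on the bundle directory that is freed with the namespace, plus the choice between an ephemeral writable layer inside that tmpfs and a persistent `--overlayfs-upperdir`/`--overlayfs-workdir` pair. The function names and the `mode=0700` tmpfs option are assumptions; `/run/composefs-run` is the path the PR uses.

```rust
use std::ffi::{c_char, c_int, c_ulong, c_void, CString};
use std::io;
use std::path::{Path, PathBuf};
use std::ptr::null;

// Linux mount(2)/unshare(2) constants, values as in <sched.h> / <sys/mount.h>.
const CLONE_NEWNS: c_int = 0x0002_0000;
const MS_REC: c_ulong = 0x4000;
const MS_PRIVATE: c_ulong = 1 << 18;
extern "C" {
    fn unshare(flags: c_int) -> c_int;
    fn mount(src: *const c_char, dst: *const c_char, fstype: *const c_char,
             flags: c_ulong, data: *const c_void) -> c_int;
}
/// Needs CAP_SYS_ADMIN: new mount namespace, `/` made recursively private so nothing
/// propagates to the host, then a tmpfs on the bundle dir that dies with the namespace.
pub fn enter_private_bundle_ns(bundle_dir: &Path) -> io::Result<()> {
    let c = |s: &str| CString::new(s).unwrap();
    let (root, tmpfs, mode) = (c("/"), c("tmpfs"), c("mode=0700")); // mode is an assumption
    let dst = c(bundle_dir.to_str().ok_or(io::ErrorKind::InvalidInput)?);
    // SAFETY: plain libc calls; every string is NUL-terminated and outlives the call.
    let failed = unsafe {
        unshare(CLONE_NEWNS) != 0
            || mount(null(), root.as_ptr(), null(), MS_REC | MS_PRIVATE, null()) != 0
            || mount(tmpfs.as_ptr(), dst.as_ptr(), tmpfs.as_ptr(), 0, mode.as_ptr().cast()) != 0
    };
    if failed { Err(io::Error::last_os_error()) } else { Ok(()) }
}

/// Writable overlayfs layer: by default inside the bundle tmpfs (gone on exit); a
/// caller-supplied upperdir/workdir pair persists. overlayfs needs both on one filesystem.
pub fn writable_layer(bundle: &Path, upper: Option<&Path>, work: Option<&Path>)
    -> Result<(PathBuf, PathBuf, bool), String> {
    match (upper, work) {
        (None, None) => Ok((bundle.join("upper"), bundle.join("work"), true)),
        (Some(u), Some(w)) => Ok((u.to_path_buf(), w.to_path_buf(), false)),
        _ => Err("--overlayfs-upperdir and --overlayfs-workdir must be given together".into()),
    }
}

/// overlayfs mount data with the read-only composefs mount as lowerdir; ',' and ':'
/// are option separators, so paths containing them are rejected rather than spliced in.
pub fn overlay_options(lower: &Path, upper: &Path, work: &Path) -> Result<String, String> {
    let mut parts = Vec::new();
    for (k, p) in [("lowerdir", lower), ("upperdir", upper), ("workdir", work)] {
        let s = p.to_str().ok_or("non-UTF-8 path")?;
        if s.contains(',') || s.contains(':') { return Err(format!("unsafe char in {s}")); }
        parts.push(format!("{k}={s}"));
    }
    Ok(parts.join(","))
}
```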