Open morganllewellynjones opened 5 months ago
Podman circumnavigates root privileges by using a network system called slirp4netns. It connects to the network using only non-privileged ports. That said, the unshare and mount commands are still needed and require root privileges. I'm not sure if Podman or Docker actually do circumnavigate root privileges entirely, or if they just isolate the root privileges better. Maybe the network doesn't use root privilege but the container daemon still does.
Update: We unshare the user space first and then perform the rest of the commands in a separate user space. We provide a uuid mapping to create additional users within the new user space as necessary.
Because this program doesn't actually set up a network (the network is created in a separate bash script), there is no reason the Rust code needs to run with sudo privileges. This should be a quick update.
Currently the system calls require root privileges to access, but ideally the program should not force the user to explicitly call sudo or otherwise establish root privileges to run.
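The approach described in the update (unshare the user namespace first, then do the privileged-looking work inside it), as an added example that is not this project's code. It assumes Linux with unprivileged user namespaces enabled; `id_map_line` and `enter_rootless_namespaces` are hypothetical names, and the libc calls are declared directly so no crates are needed.

```rust
use std::{fs, io};

// Flag values from <sched.h> on Linux.
const CLONE_NEWNS: i32 = 0x0002_0000;
const CLONE_NEWUSER: i32 = 0x1000_0000;

// libc symbols; the Rust standard library already links libc on Linux.
extern "C" {
    fn unshare(flags: i32) -> i32;
    fn getuid() -> u32;
    fn getgid() -> u32;
}

/// One line of /proc/<pid>/uid_map or gid_map:
/// "<first id inside> <first id outside> <count>".
fn id_map_line(inside: u32, outside: u32, count: u32) -> String {
    format!("{inside} {outside} {count}\n")
}

/// Hypothetical helper: enter new user and mount namespaces without root,
/// mapping the calling user to uid/gid 0 inside the new user namespace.
fn enter_rootless_namespaces() -> io::Result<()> {
    // Read the ids first: after unshare they read as the overflow id
    // (65534) until a mapping has been written.
    let (uid, gid) = unsafe { (getuid(), getgid()) };

    // CLONE_NEWUSER is applied first, so the caller already holds
    // capabilities in the new user namespace when CLONE_NEWNS is handled.
    // The call fails with EINVAL if the process is multi-threaded.
    if unsafe { unshare(CLONE_NEWUSER | CLONE_NEWNS) } != 0 {
        return Err(io::Error::last_os_error());
    }

    // An unprivileged process must deny setgroups before writing gid_map.
    fs::write("/proc/self/setgroups", "deny")?;
    fs::write("/proc/self/uid_map", id_map_line(0, uid, 1))?;
    fs::write("/proc/self/gid_map", id_map_line(0, gid, 1))?;
    Ok(())
}

fn main() {
    match enter_rootless_namespaces() {
        // mount(2) calls made from here on affect only the private mount namespace.
        Ok(()) => println!("uid inside namespace: {}", unsafe { getuid() }),
        Err(e) => eprintln!("could not create user namespace: {e}"),
    }
}
```

Without privileges a process can map only its own uid and gid this way; mapping a range of additional ids goes through the setuid `newuidmap`/`newgidmap` helpers and the ranges granted in `/etc/subuid` and `/etc/subgid`.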