morganllewellynjones / container_project

An attempt to create a container runtime similar to Docker run, but in Rust.

Research a way to run this program without root privileges #4

Open morganllewellynjones opened 5 months ago

morganllewellynjones commented 5 months ago

Currently the system calls require root privileges to access, but ideally the program should not force the user to explicitly call sudo or otherwise establish root privileges to run.

morganllewellynjones commented 3 months ago

Podman circumnavigates root privileges by using a network system called slirp4netns. It connects to the network using only non-privileged ports. That said, the unshare and mount commands are still needed and require root privileges. I'm not sure if Podman or Docker actually do circumnavigate root privileges entirely, or if they just isolate the root privileges better. Maybe the network doesn't use root privilege but the container daemon still does.

morganllewellynjones commented 2 months ago

Update: We unshare the user space first and then perform the rest of the commands in a separate user space. We provide a uuid mapping to create additional users within the new user space as necessary.

Because this program doesn't actually set up a network (the network is created in a separate bash script), there is no reason the Rust code needs to run with sudo privileges. This should be a quick update.
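
The ordering described in the update above (unshare the user namespace first, then write the ID mapping), as an added example that is not code from this repository. The names `id_map_line`, `map_writes` and `enter_user_namespace` are hypothetical; it assumes Linux with unprivileged user namespaces enabled and a single-threaded caller, and it maps only the caller's own uid/gid to 0 (mapping additional IDs needs the `newuidmap`/`newgidmap` helpers, not shown).

```rust
use std::fs;
use std::io;
use std::os::raw::c_int;

// Linux flag value for a new user namespace (CLONE_NEWUSER in <sched.h>).
const CLONE_NEWUSER: c_int = 0x1000_0000;

extern "C" {
    fn unshare(flags: c_int) -> c_int;
    fn getuid() -> u32;
    fn getgid() -> u32;
}

/// One line of uid_map/gid_map: "<id inside ns> <id outside ns> <count>".
fn id_map_line(inside: u32, outside: u32, count: u32) -> String {
    format!("{} {} {}\n", inside, outside, count)
}

/// Files to write after unshare, in the order the kernel requires:
/// setgroups must be set to "deny" before an unprivileged gid_map write.
fn map_writes(uid: u32, gid: u32) -> Vec<(&'static str, String)> {
    vec![
        ("/proc/self/setgroups", "deny".to_string()),
        ("/proc/self/uid_map", id_map_line(0, uid, 1)),
        ("/proc/self/gid_map", id_map_line(0, gid, 1)),
    ]
}

/// Enter a new user namespace without root and become uid 0 inside it.
fn enter_user_namespace() -> io::Result<()> {
    // Read the ids first: after unshare they show as the overflow id until mapped.
    let (uid, gid) = unsafe { (getuid(), getgid()) };
    if unsafe { unshare(CLONE_NEWUSER) } != 0 {
        return Err(io::Error::last_os_error());
    }
    for (path, data) in map_writes(uid, gid) {
        fs::write(path, data)?;
    }
    Ok(())
}

fn main() {
    match enter_user_namespace() {
        Ok(()) => println!("uid inside namespace: {}", unsafe { getuid() }),
        Err(e) => eprintln!("user namespace unavailable: {e}"),
    }
}
```

Once this returns `Ok`, the process holds capabilities only inside the new namespace, so later mount and other namespace unshare calls can run from there without sudo.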