nestybox / sysbox

An open-source, next-generation "runc" that empowers rootless containers to run workloads such as Systemd, Docker, Kubernetes, just like VMs.
Apache License 2.0

Add support for TUN/TAP devices inside Sysbox containers #534

Open ctalledo opened 2 years ago

ctalledo commented 2 years ago

Several users have requested support for allowing the creation of TUN/TAP devices inside a Sysbox container.

This currently does not work as the Linux kernel does not allow mknod inside the user-namespace (which Sysbox uses in all containers).

This epic calls for implementing this feature. @rodnymolina has done some work on it already, so assigning it to him.

jezZu13 commented 2 months ago

Is this still in plan?

Melkor333 commented 2 months ago

Not opening a new ticket because it's the same underlying issue. But some tools (in my case tools to test debian packages, like piuparts) want to manually create a /dev/null with mknod and therefore fail as well:

$ mknod -m 666 ${CHROOT_PATH}/dev/null c 1 3
mknod: /tmp/debian-chroot/dev/null: Operation not permitted
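
A diagnostic for the failure above, added here as an example (not Sysbox code and not written by anyone in this thread): it reads `/proc/self/uid_map` to tell whether the process is in a non-initial user namespace, then repeats the `mknod ... c 1 3` call in a scratch directory. The function names and the probe file name are made up for this example.

```shell
#!/bin/sh
# Added diagnostic example; not Sysbox code.

# in_nonroot_userns [MAPFILE]
# Exit 0 when MAPFILE (default /proc/self/uid_map) differs from the initial
# namespace's identity mapping "0 0 4294967295"; exit 1 when it matches;
# exit 2 when the file is unreadable. Heuristic: a child user namespace can
# also be given the full identity mapping.
in_nonroot_userns() {
    map=${1:-/proc/self/uid_map}
    [ -r "$map" ] || return 2
    awk '
        NF == 3 { n++; if ($1 != 0 || $2 != 0 || $3 != 4294967295) diff = 1 }
        END { exit ((n == 1 && !diff) ? 1 : 0) }
    ' "$map"
}

# probe_mknod DIR
# Repeats the call from the thread (char device 1:3, /dev/null) in DIR
# and prints "ok" or "denied".
probe_mknod() {
    node="$1/null.probe"
    if mknod -m 666 "$node" c 1 3 2>/dev/null; then
        rm -f "$node"
        echo ok
    else
        echo denied
    fi
}

report() {
    rc=0
    in_nonroot_userns || rc=$?
    case $rc in
        0) where="non-initial user namespace" ;;
        1) where="initial user namespace" ;;
        *) where="unknown (no readable uid_map)" ;;
    esac
    tmp=$(mktemp -d) || return 1
    echo "uid_map: $where; mknod c 1 3: $(probe_mknod "$tmp")"
    rm -rf "$tmp"
}

report || true
```

A `denied` result in the initial user namespace points to something other than the user-namespace restriction, such as running without CAP_MKNOD.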

ctalledo commented 2 months ago

No updates yet unfortunately, @rodnymolina and I have been busy with other tasks. Sorry :(

Open to any contributions on this though.

Melkor333 commented 2 months ago

> No updates yet unfortunately, @rodnymolina and I have been busy with other tasks. Sorry :(
>
> Open to any contributions on this though.

It's OSS, no expectations :)

My issue is not that important right now but I hope it gains some relevance in a few months. If you have a pointer to a PR which implemented something similar or some files in the codebase that might be relevant to it, that would be very helpful (and motivating :D) to see if I could do something...