-
Notifications
You must be signed in to change notification settings - Fork 55
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: re-exec if rootless using nsenter #950
base: main
Are you sure you want to change the base?
Conversation
@Kern-- is this the correct way to go? |
1 similar comment
@Kern-- is this the correct way to go? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The overall direction looks right. A few comments on dependency updates and license requirements.
I'd also like to see that this works for building indexes too (I think it should, but just to be sure)
cmd/soci/main.go
Outdated
if err := app.Run(os.Args); err != nil { | ||
fmt.Fprintf(os.Stderr, "soci: %v\n", err) | ||
os.Exit(1) | ||
} | ||
} | ||
|
||
func parentMain() error { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It looks like a lot of this code came directly from nerdctl. That's fine since it's apache 2.0, but we need to add a comment that indicates where this came from and a note about the license/copywrite.
If we can pull this out into another file, it's pretty easy to mark it with a header like:
Lines 1 to 31 in 6dcfca7
/* | |
Copyright The Soci Snapshotter Authors. | |
Licensed under the Apache License, Version 2.0 (the "License"); | |
you may not use this file except in compliance with the License. | |
You may obtain a copy of the License at | |
http://www.apache.org/licenses/LICENSE-2.0 | |
Unless required by applicable law or agreed to in writing, software | |
distributed under the License is distributed on an "AS IS" BASIS, | |
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
See the License for the specific language governing permissions and | |
limitations under the License. | |
*/ | |
/* | |
Copyright The containerd Authors. | |
Licensed under the Apache License, Version 2.0 (the "License"); | |
you may not use this file except in compliance with the License. | |
You may obtain a copy of the License at | |
http://www.apache.org/licenses/LICENSE-2.0 | |
Unless required by applicable law or agreed to in writing, software | |
distributed under the License is distributed on an "AS IS" BASIS, | |
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
See the License for the specific language governing permissions and | |
limitations under the License. | |
*/ |
cmd/go.mod
Outdated
@@ -3,7 +3,7 @@ module github.com/awslabs/soci-snapshotter/cmd | |||
go 1.20 | |||
|
|||
require ( | |||
github.com/awslabs/soci-snapshotter v0.0.0-local | |||
github.com/awslabs/soci-snapshotter v0.4.0 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This doesn't look right. Can we reduce the dependency changes down to just the ones needed for rootless?
It looks like there was a larger update here.
Is the intention of this to be able to use rootless containerd with soci? If so, would we also have to make the daemon usable without root? Just curious on the general direction of this PR. |
Signed-off-by: Tuan Anh Tran <[email protected]>
Signed-off-by: Tuan Anh Tran <[email protected]>
Signed-off-by: Tuan Anh Tran <[email protected]>
ac60f00
to
3d662d8
Compare
Signed-off-by: Tuan Anh Tran <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry for the delayed response. I think we will need to work with the nerdctl maintainers on this.
@@ -6,6 +6,7 @@ require ( | |||
github.com/containerd/containerd v1.7.8 | |||
github.com/containerd/continuity v0.4.3 | |||
github.com/containerd/log v0.1.0 | |||
github.com/containerd/nerdctl v1.7.0 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this creates a circular dependency in nerdctl. Maybe we should see if we can get the rootless util package in a separate module.
Issue #, if available:
Fixes: #687
Description of changes:
Testing performed:
I setup containerd rootless mode, nsenter and then run soci-snapshoter in there.
Tested
index list
commandNeed to create another PR for snapshotter too if this works
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.