Lib.rs

Network programmingfcnet
#firecracker #networking #micro-vm

app fcnetd

A daemon process that receives rootless connections from fcnetd-client to perform rootful Firecracker microVM networking

by kanpov

2 unstable releases

0.2.0 Dec 1, 2024
0.1.0 Oct 27, 2024

#777 in Network programming

Download history 115/week @ 2024-10-25 24/week @ 2024-11-01 3/week @ 2024-11-08 1/week @ 2024-11-15 113/week @ 2024-11-29 19/week @ 2024-12-06 1/week @ 2024-12-13

96 downloads per month

MIT license

83KB
1.5K SLoC

fcnetd

fcnetd is a binary daemon that runs as root and receives I/O connections by listening asynchronously on a Unix socket with Tokio. While fcnetd runs as root, the socket is chown()-ed to a rootless user so that a rootless application process can connect to fcnetd, thus proxying its networking needs into a separate process without running the whole application as root.

Examples:

  • fcnetd /tmp/fcnetd.sock - listen on /tmp/fcnetd.sock and make available only to root.
  • fcnetd --uid 1000 --gid 100 /tmp/fcnetd.sock - listen on /tmp/fcnetd.sock and make available to UID 1000 and GID 100.
  • fcnetd --password abcde --uid 1000 /tmp/fcnetd.sock - listen on /tmp/fcnetd.sock accessible by UID 1000, additionally authenticate connections with the abcde password.

Dependencies

~9–19MB
~270K SLoC