11 releases
| 0.2.1 | Jun 30, 2024 |
|---|---|
| 0.2.0 | Jun 21, 2024 |
| 0.1.8 | Feb 7, 2024 |
| 0.1.1 | Jan 31, 2024 |
#312 in Unix APIs
38 downloads per month
44KB
1K
SLoC
sbox
Tiny Linux containers implementation.
Usage
use std::fs::create_dir_all;
use std::path::PathBuf;
use nix::unistd::{getgid, getuid};
use sbox::{BaseMounts, BinNewIdMapper, Cgroup, Container, InitProcess, OverlayMount};
fn main() {
// Create user namespace mapper for current user with subuids and subgids.
let user_mapper = BinNewIdMapper::new_root_subid(getuid(), getgid()).unwrap();
// Create cgroup for container.
let cgroup = Cgroup::new("/sys/fs/cgroup", "sbox").unwrap();
// Path to rootfs for container image.
let image_dir = PathBuf::from("/tmp/sbox-image");
// Path to container state dir.
let state_dir = PathBuf::from("/tmp/sbox-state");
create_dir_all(state_dir.join("upper")).unwrap();
create_dir_all(state_dir.join("work")).unwrap();
// Create container.
let container = Container::options()
.cgroup(cgroup)
.add_mount(OverlayMount::new(
vec![image_dir],
state_dir.join("upper"),
state_dir.join("work"),
))
.add_mount(BaseMounts::new())
.rootfs(state_dir.join("rootfs"))
.user_mapper(user_mapper.clone())
.create()
.unwrap();
// Start container.
InitProcess::options()
.command(vec![
"/bin/sh".into(),
"-c".into(),
"echo 'Hello, World' && id && cat /proc/self/cgroup".into(),
])
.start(&container)
.unwrap()
.wait()
.unwrap();
}
License
sbox is distributed under the terms of both the MIT license and the Apache 2.0 License.
Dependencies
~1.5MB
~35K SLoC