v2.1.0

Changes

• Support --net=none (#430, thanks to @antrusd)
• Support systemd socket activation (#429, thanks to @charliemirabile)

Full changes: https://github.com/rootless-containers/rootlesskit/milestone/8?closed=1

Install

mkdir -p ~/bin
curl -sSL https://github.com/rootless-containers/rootlesskit/releases/download//rootlesskit-$(uname -m).tar.gz | tar Cxzv ~/bin

About the binaries

The binaries were built automatically on GitHub Actions.
See the log to verify SHA256SUMS.
https://github.com/rootless-containers/rootlesskit/actions/runs/8841780701
The sha256sum of the SHA256SUMS file itself is dc49dda422704b6b9fc6e2bc7fcdf436f437fc98fa0ff1bcdcc38687954baadd .

v2.0.2

Changes

• Print hints if kernel.apparmor_restrict_unprivileged_userns is set
• Update Go to 1.22 (#422)

Full changes: https://github.com/rootless-containers/rootlesskit/milestone/7?closed=1

Install

mkdir -p ~/bin
curl -sSL https://github.com/rootless-containers/rootlesskit/releases/download//rootlesskit-$(uname -m).tar.gz | tar Cxzv ~/bin

About the binaries

The binaries were built automatically on GitHub Actions.
See the log to verify SHA256SUMS.
https://github.com/rootless-containers/rootlesskit/actions/runs/8163783724
The sha256sum of the SHA256SUMS file itself is b1e3afe86589cffe1ffa8e5978922df28924637c62ba08ffb8c9fb41231494e9 .

v2.0.1

Changes

• lxc-user-nic: fix /etc/resolv.conf missing IP (#419)

Full changes: https://github.com/rootless-containers/rootlesskit/milestone/6?closed=1

Install

mkdir -p ~/bin
curl -sSL https://github.com/rootless-containers/rootlesskit/releases/download//rootlesskit-$(uname -m).tar.gz | tar Cxzv ~/bin

About the binaries

The binaries were built automatically on GitHub Actions.
See the log to verify SHA256SUMS.
https://github.com/rootless-containers/rootlesskit/actions/runs/7793948990
The sha256sum of the SHA256SUMS file itself is 262930950ccc1406ad75b2af45adcd9032375feaf92ade68d6ae76cdd39abd11 .

v2.0.0

Changes

Support detach-netns (#379 , thanks to @fahedouch)

The --detach-netns mode detaches the network namespace associated with slirp4netns, etc. into $ROOTLESSKIT_STATE_DIR/netns,
and executes the child command in the host's network namespace.

The child command can enter $ROOTLESSKIT_STATE_DIR/netns by itself to create nested network namespaces inside it for CNI, etc.

This will be used for:

• Accelerating (and deflaking) nerdctl (push|pull|build).
• Supporting nerdctl run --net=host

See containerd/nerdctl#2723 for how nerdctl will adopt the --detach-netns mode.

New network driver: pasta (with port driver implicit) (#358)

Pasta(https://passt.top/passt/) is similar to slirp4netns but its port forwarder achieves better throughput than slirp4netns port driver.
It is still not faster than RootlessKit's builtin port driver, but unlike the builtin port driver, pasta can retain source IP address information.

Network driver	Port driver	Net throughput	Port throughput	Src IP	No SUID	Note
slirp4netns	builtin	Slow	Fast ✅	❌	✅
slirp4netns	slirp4netns	Slow	Slow	✅	✅
pasta	implicit	Slow	Fast ✅	✅	✅	Experimental
lxc-user-nic	builtin	Fast ✅	Fast ✅	❌	❌	Experimental
(bypass4netns)	(bypass4netns)	Fast ✅	Fast ✅	✅	✅	Not integrated to RootlessKit

Usage: rootlesskit --net=pasta --port-driver=implicit

• No support for explicit port forwarding (rootlessctl add-ports),
  as pasta doesn't support it yet.
  Use --port-driver=implicit to let pasta forward TCP ports implicitly.
  The forwarded ports are not visible in rootlessctl list-ports.

• Needs very recent version of pasta (2023_12_04.b86afe3)

Add --print-semver=(major|minor|patch) (#381)

Full changes: https://github.com/rootless-containers/rootlesskit/milestone/5?closed=1

Install

mkdir -p ~/bin
curl -sSL https://github.com/rootless-containers/rootlesskit/releases/download//rootlesskit-$(uname -m).tar.gz | tar Cxzv ~/bin

About the binaries

The binaries were built automatically on GitHub Actions.
See the log to verify SHA256SUMS.
https://github.com/rootless-containers/rootlesskit/actions/runs/7523006764
The sha256sum of the SHA256SUMS file itself is 86f558c55497f1df37de1f24aee3c3ac6f3231e2262ea2910362ba3f90ef534d .

v2.0.0-beta.0

Changes

support detach-netns (#379 , thanks to @fahedouch)

Planned to be used for:

• accelerating (and deflaking) nerdctl pull and nerdctl build
• supporting nerdctl run --net=host

new network driver: pasta (with port driver implicit) (#358)

Pasta: https://passt.top/passt/
Usage: rootlesskit --net=pasta --port-driver=implicit

• No support for explicit port forwarding (rootlessctl add-ports),
  as pasta doesn't support it yet.
  Use --port-driver=implicit to let pasta forward TCP ports implicitly.
  The forwarded ports are not visible in rootlessctl list-ports.

• Needs very recent version of pasta (2023_12_04.b86afe3)

Add --print-semver=(major|minor|patch) (#381)

Full changes: https://github.com/rootless-containers/rootlesskit/milestone/5?closed=1

Install

mkdir -p ~/bin
curl -sSL https://github.com/rootless-containers/rootlesskit/releases/download//rootlesskit-$(uname -m).tar.gz | tar Cxzv ~/bin

About the binaries

The binaries were built automatically on GitHub Actions.
See the log to verify SHA256SUMS.
https://github.com/rootless-containers/rootlesskit/actions/runs/7484539298
The sha256sum of the SHA256SUMS file itself is 05e6635dbce6f712ad4f24acc4e916c98983abde875317219e8fd896babd8ceb .

v2.0.0-alpha.2

Changes

support detach-netns (#379 , thanks to @fahedouch)

Planned to be used for:

• accelerating (and deflaking) nerdctl pull and nerdctl build
• supporting nerdctl run --net=host

new network driver: pasta (with port driver implicit) (#358)

Pasta: https://passt.top/passt/
Usage: rootlesskit --net=pasta --port-driver=implicit

• No support for explicit port forwarding (rootlessctl add-ports),
  as pasta doesn't support it yet.
  Use --port-driver=implicit to let pasta forward TCP ports implicitly.
  The forwarded ports are not visible in rootlessctl list-ports.

• Needs very recent version of pasta (2023_12_04.b86afe3)

Add --print-semver=(major|minor|patch) (#381)

Full changes: https://github.com/rootless-containers/rootlesskit/milestone/5?closed=1

Install

mkdir -p ~/bin
curl -sSL https://github.com/rootless-containers/rootlesskit/releases/download//rootlesskit-$(uname -m).tar.gz | tar Cxzv ~/bin

About the binaries

The binaries were built automatically on GitHub Actions.
See the log to verify SHA256SUMS.
https://github.com/rootless-containers/rootlesskit/actions/runs/7087369125
The sha256sum of the SHA256SUMS file itself is cbf6e81cd4fc638a22bb08eb151d1a2b31886b8f6006242d0922cdad7340f6d8 .

v2.0.0-alpha.1

Changes

support detach-netns (#379 , thanks to @fahedouch)

Planned to be used for:

• accelerating (and deflaking) nerdctl pull and nerdctl build
• supporting nerdctl run --net=host

new network driver: pasta (with port driver implicit) (#358)

Pasta: https://passt.top/passt/
Usage: rootlesskit --net=pasta --port-driver=implicit

• No support for explicit port forwarding (rootlessctl add-ports),
  as pasta doesn't support it yet.
  Use --port-driver=implicit to let pasta forward TCP ports implicitly.
  The forwarded ports are not visible in rootlessctl list-ports.

• No support for forwarding UDP ports

• Tested with pasta 2023_06_25.32660ce on Ubuntu 23.04.
  Doesn't work with 2023_06_03.429e1a7: Option --no-copy-routes needs --config-net
  (This is printed despite that --no-copy-routes is not specified)

• Doesn't work with Ubuntu 23.04's dpkg (passt_0.0~git20230216.4663ccc-1_amd64.deb):
  Couldn't open user namespace /proc/51813/ns/user: Permission denied
  Likely to be related to AppArmor.
  sudo apparmor_parser -R /etc/apparmor.d/usr.bin.passt can eliminate this error, but pasta still fails with another error ( Couldn't get any nameserver address)

Add --print-semver=(major|minor|patch) (#381)

Full changes: https://github.com/rootless-containers/rootlesskit/milestone/5?closed=1

Install

mkdir -p ~/bin
curl -sSL https://github.com/rootless-containers/rootlesskit/releases/download/v2.0.0-alpha.0/rootlesskit-$(uname -m).tar.gz | tar Cxzv ~/bin

Install

mkdir -p ~/bin
curl -sSL https://github.com/rootless-containers/rootlesskit/releases/download//rootlesskit-$(uname -m).tar.gz | tar Cxzv ~/bin

About the binaries

The binaries were built automatically on GitHub Actions.
See the log to verify SHA256SUMS.
https://github.com/rootless-containers/rootlesskit/actions/runs/6450538315
The sha256sum of the SHA256SUMS file itself is cecafe5edfe8bcd46282173a5bd712de53806d5b6e843f18e88b09a441d45d83 .

v2.0.0-alpha.0

Changes

support detach-netns (#379 , thanks to @fahedouch)

Planned to be used for:

• accelerating (and deflaking) nerdctl pull and nerdctl build
• supporting nerdctl run --net=host

new network driver: pasta (with port driver implicit) (#358)

Pasta: https://passt.top/passt/
Usage: rootlesskit --net=pasta --port-driver=implicit

• No support for explicit port forwarding (rootlessctl add-ports),
  as pasta doesn't support it yet.
  Use --port-driver=implicit to let pasta forward TCP ports implicitly.
  The forwarded ports are not visible in rootlessctl list-ports.

• No support for forwarding UDP ports

• Tested with pasta 2023_06_25.32660ce on Ubuntu 23.04.
  Doesn't work with 2023_06_03.429e1a7: Option --no-copy-routes needs --config-net
  (This is printed despite that --no-copy-routes is not specified)

• Doesn't work with Ubuntu 23.04's dpkg (passt_0.0~git20230216.4663ccc-1_amd64.deb):
  Couldn't open user namespace /proc/51813/ns/user: Permission denied
  Likely to be related to AppArmor.
  sudo apparmor_parser -R /etc/apparmor.d/usr.bin.passt can eliminate this error, but pasta still fails with another error ( Couldn't get any nameserver address)

Add --print-semver=(major|minor|patch) (#381)

Full changes: https://github.com/rootless-containers/rootlesskit/milestone/5?closed=1

Install

mkdir -p ~/bin
curl -sSL https://github.com/rootless-containers/rootlesskit/releases/download/v2.0.0-alpha.0/rootlesskit-$(uname -m).tar.gz | tar Cxzv ~/bin

About the binaries

The binaries were built automatically on GitHub Actions.
See the log to verify SHA256SUMS.
https://github.com/rootless-containers/rootlesskit/actions/runs/5413506727
The sha256sum of the SHA256SUMS file itself is 8d0affc6d77eda70b1fcc3c6e328fb1b7d2e32670f0434a4068de2e692941197 .

v1.1.1

Changes:

• Remove duplicate id ranges returned by getsubu/gid for username/uid (#369, thanks to @i-do-cpp)

Full changes: https://github.com/rootless-containers/rootlesskit/milestone/4?closed=1

Install

mkdir -p ~/bin
curl -sSL https://github.com/rootless-containers/rootlesskit/releases/download/v1.1.1/rootlesskit-$(uname -m).tar.gz | tar Cxzv ~/bin

About the binaries

The binaries were built automatically on GitHub Actions.
See the log to verify SHA256SUMS.
https://github.com/rootless-containers/rootlesskit/actions/runs/5118297175
The sha256sum of the SHA256SUMS file itself is 089a069ff1fe7d99a5126455484cdbfdc8ba6134caf93066b90dc6d031a6a741 .

v1.1.0

Changes

• Support using /usr/bin/getsubids via --subid-source=dynamic (#340).
  Useful for SSSD environments (subid: sss in /etc/nsswitch.conf)

Full changes: https://github.com/rootless-containers/rootlesskit/milestone/3?closed=1
Thanks to @kowalski7cc @zhangwenlong8911

Install

mkdir -p ~/bin
curl -sSL https://github.com/rootless-containers/rootlesskit/releases/download/v1.1.0/rootlesskit-$(uname -m).tar.gz | tar Cxzv ~/bin

About the binaries

The binaries were built automatically on GitHub Actions.
See the log to verify SHA256SUMS.
https://github.com/rootless-containers/rootlesskit/actions/runs/3469963065
The sha256sum of the SHA256SUMS file itself is 2add1e479224f9f03eb82447f3e2fa1b1886ca13da0956a1fe8b596251977ccb .