Releases: rootless-containers/rootlesskit
v2.1.0
Changes
- Support
--net=none
(#430, thanks to @antrusd) - Support systemd socket activation (#429, thanks to @charliemirabile)
Full changes: https://github.com/rootless-containers/rootlesskit/milestone/8?closed=1
Install
mkdir -p ~/bin
curl -sSL https://github.com/rootless-containers/rootlesskit/releases/download//rootlesskit-$(uname -m).tar.gz | tar Cxzv ~/bin
About the binaries
The binaries were built automatically on GitHub Actions.
See the log to verify SHA256SUMS.
https://github.com/rootless-containers/rootlesskit/actions/runs/8841780701
The sha256sum of the SHA256SUMS file itself is dc49dda422704b6b9fc6e2bc7fcdf436f437fc98fa0ff1bcdcc38687954baadd .
v2.0.2
Changes
- Print hints if
kernel.apparmor_restrict_unprivileged_userns
is set - Update Go to 1.22 (#422)
Full changes: https://github.com/rootless-containers/rootlesskit/milestone/7?closed=1
Install
mkdir -p ~/bin
curl -sSL https://github.com/rootless-containers/rootlesskit/releases/download//rootlesskit-$(uname -m).tar.gz | tar Cxzv ~/bin
About the binaries
The binaries were built automatically on GitHub Actions.
See the log to verify SHA256SUMS.
https://github.com/rootless-containers/rootlesskit/actions/runs/8163783724
The sha256sum of the SHA256SUMS file itself is b1e3afe86589cffe1ffa8e5978922df28924637c62ba08ffb8c9fb41231494e9 .
v2.0.1
Changes
- lxc-user-nic: fix /etc/resolv.conf missing IP (#419)
Full changes: https://github.com/rootless-containers/rootlesskit/milestone/6?closed=1
Install
mkdir -p ~/bin
curl -sSL https://github.com/rootless-containers/rootlesskit/releases/download//rootlesskit-$(uname -m).tar.gz | tar Cxzv ~/bin
About the binaries
The binaries were built automatically on GitHub Actions.
See the log to verify SHA256SUMS.
https://github.com/rootless-containers/rootlesskit/actions/runs/7793948990
The sha256sum of the SHA256SUMS file itself is 262930950ccc1406ad75b2af45adcd9032375feaf92ade68d6ae76cdd39abd11 .
v2.0.0
Changes
Support detach-netns (#379 , thanks to @fahedouch)
The --detach-netns
mode detaches the network namespace associated with slirp4netns, etc. into $ROOTLESSKIT_STATE_DIR/netns
,
and executes the child command in the host's network namespace.
The child command can enter $ROOTLESSKIT_STATE_DIR/netns
by itself to create nested network namespaces inside it for CNI, etc.
This will be used for:
- Accelerating (and deflaking)
nerdctl (push|pull|build)
. - Supporting
nerdctl run --net=host
See containerd/nerdctl#2723 for how nerdctl will adopt the --detach-netns
mode.
New network driver: pasta
(with port driver implicit
) (#358)
Pasta(https://passt.top/passt/) is similar to slirp4netns but its port forwarder achieves better throughput than slirp4netns port driver.
It is still not faster than RootlessKit's builtin
port driver, but unlike the builtin
port driver, pasta can retain source IP address information.
Network driver | Port driver | Net throughput | Port throughput | Src IP | No SUID | Note |
---|---|---|---|---|---|---|
slirp4netns | builtin | Slow | Fast ✅ | ❌ | ✅ | |
slirp4netns | slirp4netns | Slow | Slow | ✅ | ✅ | |
pasta | implicit | Slow | Fast ✅ | ✅ | ✅ | Experimental |
lxc-user-nic | builtin | Fast ✅ | Fast ✅ | ❌ | ❌ | Experimental |
(bypass4netns) | (bypass4netns) | Fast ✅ | Fast ✅ | ✅ | ✅ | Not integrated to RootlessKit |
Usage: rootlesskit --net=pasta --port-driver=implicit
-
No support for explicit port forwarding (
rootlessctl add-ports
),
as pasta doesn't support it yet.
Use--port-driver=implicit
to let pasta forward TCP ports implicitly.
The forwarded ports are not visible inrootlessctl list-ports
. -
Needs very recent version of pasta (
2023_12_04.b86afe3
)
Add --print-semver=(major|minor|patch)
(#381)
Full changes: https://github.com/rootless-containers/rootlesskit/milestone/5?closed=1
Install
mkdir -p ~/bin
curl -sSL https://github.com/rootless-containers/rootlesskit/releases/download//rootlesskit-$(uname -m).tar.gz | tar Cxzv ~/bin
About the binaries
The binaries were built automatically on GitHub Actions.
See the log to verify SHA256SUMS.
https://github.com/rootless-containers/rootlesskit/actions/runs/7523006764
The sha256sum of the SHA256SUMS file itself is 86f558c55497f1df37de1f24aee3c3ac6f3231e2262ea2910362ba3f90ef534d .
v2.0.0-beta.0
Changes
support detach-netns (#379 , thanks to @fahedouch)
Planned to be used for:
- accelerating (and deflaking)
nerdctl pull
andnerdctl build
- supporting
nerdctl run --net=host
new network driver: pasta
(with port driver implicit
) (#358)
Pasta: https://passt.top/passt/
Usage:rootlesskit --net=pasta --port-driver=implicit
No support for explicit port forwarding (
rootlessctl add-ports
),
as pasta doesn't support it yet.
Use--port-driver=implicit
to let pasta forward TCP ports implicitly.
The forwarded ports are not visible inrootlessctl list-ports
.Needs very recent version of pasta (
2023_12_04.b86afe3
)
Add --print-semver=(major|minor|patch)
(#381)
Full changes: https://github.com/rootless-containers/rootlesskit/milestone/5?closed=1
Install
mkdir -p ~/bin
curl -sSL https://github.com/rootless-containers/rootlesskit/releases/download//rootlesskit-$(uname -m).tar.gz | tar Cxzv ~/bin
About the binaries
The binaries were built automatically on GitHub Actions.
See the log to verify SHA256SUMS.
https://github.com/rootless-containers/rootlesskit/actions/runs/7484539298
The sha256sum of the SHA256SUMS file itself is 05e6635dbce6f712ad4f24acc4e916c98983abde875317219e8fd896babd8ceb .
v2.0.0-alpha.2
Changes
support detach-netns (#379 , thanks to @fahedouch)
Planned to be used for:
- accelerating (and deflaking)
nerdctl pull
andnerdctl build
- supporting
nerdctl run --net=host
new network driver: pasta
(with port driver implicit
) (#358)
Pasta: https://passt.top/passt/
Usage:rootlesskit --net=pasta --port-driver=implicit
No support for explicit port forwarding (
rootlessctl add-ports
),
as pasta doesn't support it yet.
Use--port-driver=implicit
to let pasta forward TCP ports implicitly.
The forwarded ports are not visible inrootlessctl list-ports
.Needs very recent version of pasta (
2023_12_04.b86afe3
)
Add --print-semver=(major|minor|patch)
(#381)
Full changes: https://github.com/rootless-containers/rootlesskit/milestone/5?closed=1
Install
mkdir -p ~/bin
curl -sSL https://github.com/rootless-containers/rootlesskit/releases/download//rootlesskit-$(uname -m).tar.gz | tar Cxzv ~/bin
About the binaries
The binaries were built automatically on GitHub Actions.
See the log to verify SHA256SUMS.
https://github.com/rootless-containers/rootlesskit/actions/runs/7087369125
The sha256sum of the SHA256SUMS file itself is cbf6e81cd4fc638a22bb08eb151d1a2b31886b8f6006242d0922cdad7340f6d8 .
v2.0.0-alpha.1
Changes
support detach-netns (#379 , thanks to @fahedouch)
Planned to be used for:
- accelerating (and deflaking)
nerdctl pull
andnerdctl build
- supporting
nerdctl run --net=host
new network driver: pasta
(with port driver implicit
) (#358)
Pasta: https://passt.top/passt/
Usage:rootlesskit --net=pasta --port-driver=implicit
No support for explicit port forwarding (
rootlessctl add-ports
),
as pasta doesn't support it yet.
Use--port-driver=implicit
to let pasta forward TCP ports implicitly.
The forwarded ports are not visible inrootlessctl list-ports
.No support for forwarding UDP ports
Tested with pasta 2023_06_25.32660ce on Ubuntu 23.04.
Doesn't work with 2023_06_03.429e1a7:Option --no-copy-routes needs --config-net
(This is printed despite that--no-copy-routes
is not specified)Doesn't work with Ubuntu 23.04's dpkg (passt_0.0~git20230216.4663ccc-1_amd64.deb):
Couldn't open user namespace /proc/51813/ns/user: Permission denied
Likely to be related to AppArmor.
sudo apparmor_parser -R /etc/apparmor.d/usr.bin.passt
can eliminate this error, but pasta still fails with another error (Couldn't get any nameserver address
)
Add --print-semver=(major|minor|patch)
(#381)
Full changes: https://github.com/rootless-containers/rootlesskit/milestone/5?closed=1
Install
mkdir -p ~/bin
curl -sSL https://github.com/rootless-containers/rootlesskit/releases/download/v2.0.0-alpha.0/rootlesskit-$(uname -m).tar.gz | tar Cxzv ~/bin
Install
mkdir -p ~/bin
curl -sSL https://github.com/rootless-containers/rootlesskit/releases/download//rootlesskit-$(uname -m).tar.gz | tar Cxzv ~/bin
About the binaries
The binaries were built automatically on GitHub Actions.
See the log to verify SHA256SUMS.
https://github.com/rootless-containers/rootlesskit/actions/runs/6450538315
The sha256sum of the SHA256SUMS file itself is cecafe5edfe8bcd46282173a5bd712de53806d5b6e843f18e88b09a441d45d83 .
v2.0.0-alpha.0
Changes
support detach-netns (#379 , thanks to @fahedouch)
Planned to be used for:
- accelerating (and deflaking)
nerdctl pull
andnerdctl build
- supporting
nerdctl run --net=host
new network driver: pasta
(with port driver implicit
) (#358)
Pasta: https://passt.top/passt/
Usage:rootlesskit --net=pasta --port-driver=implicit
No support for explicit port forwarding (
rootlessctl add-ports
),
as pasta doesn't support it yet.
Use--port-driver=implicit
to let pasta forward TCP ports implicitly.
The forwarded ports are not visible inrootlessctl list-ports
.No support for forwarding UDP ports
Tested with pasta 2023_06_25.32660ce on Ubuntu 23.04.
Doesn't work with 2023_06_03.429e1a7:Option --no-copy-routes needs --config-net
(This is printed despite that--no-copy-routes
is not specified)Doesn't work with Ubuntu 23.04's dpkg (passt_0.0~git20230216.4663ccc-1_amd64.deb):
Couldn't open user namespace /proc/51813/ns/user: Permission denied
Likely to be related to AppArmor.
sudo apparmor_parser -R /etc/apparmor.d/usr.bin.passt
can eliminate this error, but pasta still fails with another error (Couldn't get any nameserver address
)
Add --print-semver=(major|minor|patch)
(#381)
Full changes: https://github.com/rootless-containers/rootlesskit/milestone/5?closed=1
Install
mkdir -p ~/bin
curl -sSL https://github.com/rootless-containers/rootlesskit/releases/download/v2.0.0-alpha.0/rootlesskit-$(uname -m).tar.gz | tar Cxzv ~/bin
About the binaries
The binaries were built automatically on GitHub Actions.
See the log to verify SHA256SUMS.
https://github.com/rootless-containers/rootlesskit/actions/runs/5413506727
The sha256sum of the SHA256SUMS file itself is 8d0affc6d77eda70b1fcc3c6e328fb1b7d2e32670f0434a4068de2e692941197 .
v1.1.1
Changes:
Full changes: https://github.com/rootless-containers/rootlesskit/milestone/4?closed=1
Install
mkdir -p ~/bin
curl -sSL https://github.com/rootless-containers/rootlesskit/releases/download/v1.1.1/rootlesskit-$(uname -m).tar.gz | tar Cxzv ~/bin
About the binaries
The binaries were built automatically on GitHub Actions.
See the log to verify SHA256SUMS.
https://github.com/rootless-containers/rootlesskit/actions/runs/5118297175
The sha256sum of the SHA256SUMS file itself is 089a069ff1fe7d99a5126455484cdbfdc8ba6134caf93066b90dc6d031a6a741 .
v1.1.0
Changes
- Support using
/usr/bin/getsubids
via--subid-source=dynamic
(#340).
Useful for SSSD environments (subid: sss
in/etc/nsswitch.conf
)
Full changes: https://github.com/rootless-containers/rootlesskit/milestone/3?closed=1
Thanks to @kowalski7cc @zhangwenlong8911
Install
mkdir -p ~/bin
curl -sSL https://github.com/rootless-containers/rootlesskit/releases/download/v1.1.0/rootlesskit-$(uname -m).tar.gz | tar Cxzv ~/bin
About the binaries
The binaries were built automatically on GitHub Actions.
See the log to verify SHA256SUMS.
https://github.com/rootless-containers/rootlesskit/actions/runs/3469963065
The sha256sum of the SHA256SUMS file itself is 2add1e479224f9f03eb82447f3e2fa1b1886ca13da0956a1fe8b596251977ccb .