feat: re-exec if rootless using nsenter #950

Draft
wants to merge 4 commits into
base: main

Contributor

@tuananh tuananh commented Nov 19, 2023

Issue #, if available:
Fixes: #687

Description of changes:

Testing performed:

I set up containerd rootless mode, nsenter and then ran soci-snapshotter in there.

Tested index list command

Need to create another PR for snapshotter too if this works

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@tuananh tuananh requested a review from a team as a code owner November 19, 2023 01:01
@tuananh tuananh marked this pull request as draft November 19, 2023 01:01
@tuananh
Contributor Author

tuananh commented Nov 20, 2023

@Kern-- is this the correct way to go?

Contributor

@Kern-- Kern-- left a comment

The overall direction looks right. A few comments on dependency updates and license requirements.

I'd also like to see that this works for building indexes too (I think it should, but just to be sure)

cmd/soci/main.go Outdated
if err := app.Run(os.Args); err != nil {
fmt.Fprintf(os.Stderr, "soci: %v\n", err)
os.Exit(1)
}
}

func parentMain() error {
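
Review bot: `parentMain`, the last line of this hunk, has no doc comment in the visible lines. Since it is the entry point for the nsenter re-exec this PR adds, a comment above it should say when it runs and what it re-executes, so a reader can tell which code runs before and after entering the rootless namespaces.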

It looks like a lot of this code came directly from nerdctl. That's fine since it's Apache 2.0, but we need to add a comment that indicates where this came from and a note about the license/copyright.

If we can pull this out into another file, it's pretty easy to mark it with a header like:

/*
Copyright The Soci Snapshotter Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
/*
Copyright The containerd Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

cmd/go.mod Outdated
@@ -3,7 +3,7 @@ module github.com/awslabs/soci-snapshotter/cmd
go 1.20

require (
github.com/awslabs/soci-snapshotter v0.0.0-local
github.com/awslabs/soci-snapshotter v0.4.0
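
Review bot: the require entry for github.com/awslabs/soci-snapshotter appears here as both v0.0.0-local and v0.4.0, and the header `@@ -3,7 +3,7 @@` says one line was replaced. If v0.0.0-local is the placeholder for the in-tree module, moving to v0.4.0 makes cmd build against a published release instead of the code in this repository; keep the original line unless the rootless change needs the bump, and say so in the description if it does.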

This doesn't look right. Can we reduce the dependency changes down to just the ones needed for rootless?

It looks like there was a larger update here.

@sondavidb
Contributor

Is the intention of this to be able to use rootless containerd with soci? If so, would we also have to make the daemon usable without root? Just curious on the general direction of this PR.

Signed-off-by: Tuan Anh Tran <me@tuananh.org>
Signed-off-by: Tuan Anh Tran <me@tuananh.org>
Signed-off-by: Tuan Anh Tran <me@tuananh.org>
Signed-off-by: Tuan Anh Tran <me@tuananh.org>
Contributor

@Kern-- Kern-- left a comment

Sorry for the delayed response. I think we will need to work with the nerdctl maintainers on this.

@@ -6,6 +6,7 @@ require (
github.com/containerd/containerd v1.7.8
github.com/containerd/continuity v0.4.3
github.com/containerd/log v0.1.0
github.com/containerd/nerdctl v1.7.0
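
Review bot: the github.com/containerd/nerdctl v1.7.0 line at the end of this hunk adds a whole CLI module to the require block for what the PR describes as a rootless re-exec. State in the PR description which nerdctl package is imported and what it is used for, so reviewers can judge whether the added dependency surface is justified.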

I think this creates a circular dependency in nerdctl. Maybe we should see if we can get the rootless util package in a separate module.

Successfully merging this pull request may close these issues.

[FEATURE] [CLI] Support rootless containerd