Currently, urunc handles the creation of the execution environment for the monitor process itself: it creates all namespaces, performs the necessary mounts, etc. However, that way we will spend a lot of time re-implementing logic that has already been done by other mature projects (like runc) without any clear benefit. As an alternative, we can reuse these projects to set up the execution environment for us and therefore focus on other aspects of urunc and its execution model (networking, integration with other projects, etc.). Furthermore, this will also have the following benefits:
- Drop-in replacement of the runc binary by urunc. Currently we fork and exec runc for non-urunc containers, therefore runc needs to be installed.
- Keeping up with the latest changes and potential CVEs, which could otherwise go unnoticed on our side.
- Using a widely known and well-tested library.
- Support for cgroups, user namespaces, AppArmor, etc.
- A much more robust base.
The refactor will take place gradually, and the role of this issue is to serve as an umbrella issue for all the small tasks that need to be done in preparation for the use of libcontainer. The goal of this issue is to have an initial integration with all the current features of urunc working properly with libcontainer too (network, rootfs handling, mounts), plus cgroups support.
The old implementation will not get removed; it will remain available through a configuration option. However, the default will be the use of libcontainer.