
Vagga is a containerization tool without daemons - m_sahaf
https://github.com/tailhook/vagga
======
jamescun
I don't understand this point:

    - Fully userspace containers, no need for elevated privileges

The most basic Linux container is constructed with chroot and namespaces, both
of which require root privileges (or at least CAP_SYS_CHROOT and CAP_SYS_ADMIN
respectively). Additionally, managing layers with a union filesystem, unless
utilising FUSE, will also require elevated privileges.

~~~
jamescun
A more extensive look at the code shows it requires the host root user to set
`kernel.unprivileged_userns_clone=1`, after which Vagga can perform privileged
operations as a "root" user inside a user namespace.

~~~
tailhook
Yes. But that's on debian (IIRC) kernel, i.e. the patched one. On stock kernel
it requires CONFIG_USER_NS setting enabled, and it just works.
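
The mechanism jamescun and tailhook are describing, as an added example in C (this is not vagga's code): an unprivileged process enters a new user namespace, maps its own uid/gid to 0 inside it, and from then on holds a full capability set there, which is what makes chroot and mount possible without host root. It assumes a Linux kernel with CONFIG_USER_NS and, on patched kernels, `kernel.unprivileged_userns_clone=1`.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#ifndef CLONE_NEWUSER
#define CLONE_NEWUSER 0x10000000   /* value from <linux/sched.h> */
#endif
int unshare(int flags);            /* explicit prototype in case sched.h hid it */

/* Write a short string to a /proc file; returns 0 or -errno. */
static int write_proc(const char *path, const char *text) {
    int fd = open(path, O_WRONLY);
    if (fd < 0) return -errno;
    ssize_t n = write(fd, text, strlen(text));
    int err = (n == (ssize_t)strlen(text)) ? 0 : -errno;
    close(fd);
    return err;
}

/* Enter a new user namespace and map the caller to uid/gid 0 inside it.
 * Returns 0 when geteuid() now reports 0, or -errno: -EPERM when the host
 * forbids unprivileged user namespaces, -EINVAL when CONFIG_USER_NS is off. */
int become_userns_root(void) {
    char map[64];
    unsigned uid = (unsigned)getuid(), gid = (unsigned)getgid();
    if (unshare(CLONE_NEWUSER) != 0) return -errno;
    snprintf(map, sizeof map, "0 %u 1\n", uid);   /* inside-id outside-id count */
    int r = write_proc("/proc/self/uid_map", map);
    if (r) return r;
    /* An unprivileged process must deny setgroups() before it may write gid_map. */
    r = write_proc("/proc/self/setgroups", "deny");
    if (r && r != -ENOENT) return r;   /* kernels before 3.19 have no such file */
    snprintf(map, sizeof map, "0 %u 1\n", gid);
    r = write_proc("/proc/self/gid_map", map);
    if (r) return r;
    return geteuid() == 0 ? 0 : -EAGAIN;
}

int main(void) {
    int r = become_userns_root();
    if (r) { fprintf(stderr, "no user namespace: %s\n", strerror(-r)); return 1; }
    /* From here the process has CAP_SYS_ADMIN/CAP_SYS_CHROOT in its own namespace. */
    printf("euid inside namespace: %u\n", (unsigned)geteuid());
    return 0;
}
```

The mapping is limited to the caller's own uid and gid, so "root" here has no power over files the host user cannot already touch; a non-zero return shows which host setting is blocking the feature.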

------
cm3
Excellent avoidance of elevated privileges with CONFIG_USER_NS and it's easy
to deploy. Great stuff!

------
pathsjs
I just had a brief look at the tutorial, but it looks great! Kudos to the
author!

------
jabl
...and it's implemented in Rust, w00t!

~~~
cm3
I wonder where they get their Rust musl static releases from? As you cannot
bootstrap 1.7 with 1.6 you always need to use the officially tagged nightly
snapshot for the particular release when building rust, which happens to be
for glibc. So it's a pita to build and use rust with musl, unless it's part of
the official release channels already.

~~~
tailhook
vagga is built by vagga itself, so you can look at how to make musl rust here:
[https://github.com/tailhook/vagga/blob/master/vagga.yaml#L23...](https://github.com/tailhook/vagga/blob/master/vagga.yaml#L23-L56)

There is already a musl libc distributed with rust since 1.5:
[http://static.rust-lang.org/dist/index.html](http://static.rust-lang.org/dist/index.html)
[http://static.rust-lang.org/dist/rust-std-1.6.0-x86_64-unkno...](http://static.rust-lang.org/dist/rust-std-1.6.0-x86_64-unknown-linux-musl.tar.gz)

But we had not used it yet.

------
shiftoutbox
Hey look, jails on Linux.

