Currently, when baking a process recipe on Linux, Brioche always tries to create a new user namespace along with a mount namespace (plus some others). Some distros prevent unprivileged user namespaces out of the box, including Ubuntu 23.10+. It's usually possible for the machine to be configured to re-allow unprivileged user namespaces using a custom kernel, AppArmor profiles, or custom sysctl config (see e.g. #151), but these custom configurations require root permissions to set up.
To allow Brioche to be installed and used without root permissions, we need an alternative way to bake processes that doesn't use namespaces and can be used out-of-the-box.
Here are some alternative ways that we could support baking processes:
- Unsandboxed builds. This is the simplest option, but unsandboxed builds may be less reliable as we can't enforce hermeticity.
- Use a subset of namespaces. Ubuntu 24.04 does allow unprivileged user namespaces by default, but restricts what they can do (I believe mount namespaces within a user namespace are disallowed, for example). As a slight step up from unsandboxed builds, we could try to set up whatever subset of namespaces we're allowed to use.
- PRoot. PRoot emulates chroot by using ptrace. This would definitely have a performance hit, but might still have enough performance to be a good default in a pinch.
- Qemu. Instead of using namespaces, we could run a qemu VM. This probably has a pretty major performance hit, but with user space emulation, it may give enough performance to be usable day-to-day. We'll also probably want Qemu to emulate other platforms too, of course.
- Pre-installed container runtime. Many users will likely have Docker, Podman, Bubblewrap, or another container runtime / sandboxing solution already installed. If it's installed with their system package manager, this could be a sort of gateway to allow for fully sandboxed builds out-of-the-box for free. Not really suitable as a "final" fallback, but might be a good middle-ground.
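The probe below is an added example, not code from the issue author or from the Brioche project. It checks, from an unprivileged account, which of the mechanisms listed in the issue this host actually permits: creating a user namespace, adding a mount namespace to it, performing a mount inside it, and whether bwrap or proot is on PATH. It then maps the result to a backend name. The backend names and the preference order (full namespaces, then a packaged bwrap, then proot, then a bare user namespace, then unsandboxed) are assumptions made for this example, not anything the issue decides.

```shell
#!/bin/sh
# Probe, from an unprivileged account, which sandboxing primitives this host
# lets us use, then pick a build backend. The backend names and the preference
# order are assumptions made for this example; they are not Brioche's.

# Print the kernel/AppArmor knobs that commonly gate unprivileged user
# namespaces (one name=value line each; "n/a" when the knob is absent here).
userns_sysctls() {
    for f in /proc/sys/kernel/unprivileged_userns_clone \
             /proc/sys/kernel/apparmor_restrict_unprivileged_userns \
             /proc/sys/user/max_user_namespaces; do
        if [ -r "$f" ]; then
            printf '%s=%s\n' "${f##*/}" "$(cat "$f")"
        else
            printf '%s=n/a\n' "${f##*/}"
        fi
    done
}

# Can we create a user namespace at all? (-r maps our uid to root inside it)
probe_userns() {
    unshare -U -r true 2>/dev/null
}

# Can we also get a mount namespace inside that user namespace?
probe_mountns() {
    unshare -U -r -m true 2>/dev/null
}

# Does the new namespace actually let us mount? A restricted user namespace may
# be created successfully yet lack CAP_SYS_ADMIN, so creation alone is not
# enough. The tmpfs lands only in the private mount namespace and vanishes on exit.
probe_mount_inside() {
    unshare -U -r -m sh -c 'mount -t tmpfs none /tmp' 2>/dev/null
}

has_cmd() {
    command -v "$1" >/dev/null 2>&1
}

# Turn an exit status into the yes/no tokens choose_backend consumes.
yes_no() {
    if "$@"; then echo yes; else echo no; fi
}

# Pure decision logic, kept free of side effects so it can be unit-tested.
#   $1 full sandbox (a mount works inside a user+mount namespace): yes/no
#   $2 a bare user namespace is available: yes/no
#   $3 bwrap found on PATH: yes/no
#   $4 proot found on PATH: yes/no
choose_backend() {
    if   [ "$1" = yes ]; then echo namespaces
    elif [ "$3" = yes ]; then echo bwrap              # distro package may carry its own AppArmor profile
    elif [ "$4" = yes ]; then echo proot              # ptrace-emulated chroot: slow, but filesystem is still isolated
    elif [ "$2" = yes ]; then echo partial-namespaces # some isolation, no filesystem sandboxing
    else                      echo unsandboxed
    fi
}

main() {
    userns_sysctls
    full=$(yes_no probe_mount_inside)
    user=$(yes_no probe_userns)
    mnt=$(yes_no probe_mountns)
    bw=$(yes_no has_cmd bwrap)
    pr=$(yes_no has_cmd proot)
    printf 'userns=%s mountns=%s mount_inside=%s bwrap=%s proot=%s\n' \
        "$user" "$mnt" "$full" "$bw" "$pr"
    printf 'backend=%s\n' "$(choose_backend "$full" "$user" "$bw" "$pr")"
}

main
```

One caveat when reading the result: on distros that confine namespace creation with AppArmor (Ubuntu 24.04 being the case the issue mentions), the packaged `unshare` and `bwrap` binaries can be granted permissions through their own profiles that an arbitrary unconfined binary does not get. A successful probe via the `unshare` command therefore shows what that binary is allowed, not necessarily what the process doing the sandboxing is allowed; the authoritative check is to attempt `unshare(CLONE_NEWUSER)` from that process itself and fall back on EPERM.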