runc: add support for rootless containers

This enables the support for the rootless container mode. There are many restrictions on what rootless containers can do, so many different runC commands have been disabled: * runc checkpoint * runc events * runc pause * runc ps * runc restore * runc resume * runc update The following commands work: * runc create * runc delete * runc exec * runc kill * runc list * runc run * runc spec * runc state In addition, any specification options that imply joining cgroups have also been disabled. This is due to support for unprivileged subtree management not being available from Linux upstream. Signed-off-by: Aleksa Sarai <asarai@suse.de>
2025-09-27 03:46:19 +08:00 · 2016-04-23 23:39:42 +10:00
parent 6bd4bd9030
commit d2f49696b0
21 changed files with 742 additions and 193 deletions
--- a/utils.go
+++ b/utils.go
@@ -63,9 +63,6 @@ func setupSpec(context *cli.Context) (*specs.Spec, error) {
 	if err != nil {
 		return nil, err
 	}
-	if os.Geteuid() != 0 {
-		return nil, fmt.Errorf("runc should be run as root")
-	}
 	return spec, nil
 }