Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Full Linux OCI runtime spec support #23

Closed
1 of 18 tasks
cpuguy83 opened this issue Nov 18, 2022 · 9 comments · Fixed by #78
Closed
1 of 18 tasks

Full Linux OCI runtime spec support #23

cpuguy83 opened this issue Nov 18, 2022 · 9 comments · Fixed by #78

Comments

@cpuguy83
Copy link
Member

cpuguy83 commented Nov 18, 2022
edited
Loading

Right now we have only partial support for the OCI runtime spec.
While some things in the spec may not make sense for running wasm code itself, it is useful for sandboxing for the wasm runtime and/or the execution of the wasm for defense-in-depth as well as ensuring fewer surprises for users expecting their settings to actually apply.

Some things missing:
@cpuguy83
Copy link
Member Author

@Mossaka

@Mossaka
Copy link
Member

Mossaka commented Nov 21, 2022

Wow, thanks!! That's a long list of TODOs.

@utam0k
Copy link
Member

utam0k commented Nov 23, 2022

@cpuguy83 @Mossaka
Hi, runwasi team. I'm from youki which implements the OCI runtime spec in Rust. We have already supported wasm and full linux OCI runtime spec.
https://containers.github.io/youki/user/webassembly.html
Can we cooperate? A crate from youki is also provided for ease of use by other container-related people.

@squillace squillace mentioned this issue Nov 28, 2022
Closed
@Mossaka
Copy link
Member

Mossaka commented Nov 29, 2022

Hey @utam0k !

I am happy to cooperate with Youki on OCI runtime spec considering both projects are written in Rust! Do you want to sync up on this topic some time later this week?

@utam0k
Copy link
Member

utam0k commented Nov 29, 2022

@Mossaka I'm looking forward to working with you!
I'm a little busy these days and may not have time. Why don't we communicate on discord first for closer communication in private? May I ask you to join the youki discord groupand send me a friend request?

@Mossaka
Copy link
Member

Mossaka commented Nov 30, 2022

May I ask you to join the youki discord groupand send me a friend request?

Done

rumpl pushed a commit to rumpl/runwasi that referenced this issue Dec 16, 2022
@hydai
Merge pull request containerd#23 from rumpl/fix-rootfs-preopen
6311826 
Put the right format for rootfs preopen
@ipuustin
Copy link
Contributor

I started looking at implementing device files and seccomp support in https://github.com/ipuustin/runwasi/commits/seccomp using libcontainer features. Right now there is a slight incompatibility due to different oci-spec versions though.

@utam0k utam0k mentioned this issue Feb 27, 2023
Merged
5 tasks
@utam0k
Copy link
Member

utam0k commented Apr 26, 2023

@cpuguy83 @Mossaka I'd like to address the wasmtime part in the same way. When is the best time?

@ipuustin
Copy link
Contributor

ipuustin commented May 3, 2023

@cpuguy83 @Mossaka I'd like to address the wasmtime part in the same way. When is the best time?

I think anytime. :-) I made an issue for tracking it: #110

@utam0k utam0k mentioned this issue Jun 16, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

runwasi: Use youki to fully support OCI runtime spec in wasmedge utam0k/runwasi
4 participants
@cpuguy83 @ipuustin @Mossaka @utam0k