Easy to use, extendable, OCI-compliant container runtime written in pure Rust

Overview

PURA - Lightweight & OCI-compliant container runtime

Pura is an experimental Linux container runtime written in pure and dependency-minimal Rust. The intent was to explore the OCI runtime spec and see how the integration with Docker would work. It's a hobby project and should be considered as a starting point for learning how container runtimes work and interact with the Linux kernel features.

⚠️ DON'T USE THIS IN PRODUCTION

Pura works, but it has only been feature tested and no official security audit has been done, so please use this code exclusively to learn and to expand the codebase. If you want a production-grade container runtime that's written in Rust, use the excellent Youki runtime.

Intro

The goal of Pura was to learn how container runtimes work and how container engines integrate an OCI-compliant implementation. The only requirement was to be as dependency free as possible with a small memory footprint. Binaries built for release mode are all <5MB.

Pura was tested on the following distros (standalone binary and Docker integration):

  • Debian 11
  • Fedora 29
  • CentOS 7
  • Ubuntu 18.04 & 20.04
  • OpenSUSE 15

Build

Prerequisites:

  • Rust 1.54 or later
  • libc:
    • Debian: apt-get install build-essential
    • Fedora: dnf install gcc
    • CentOS: yum install gcc

Build as a usual Rust project:

git clone git@github.com:penumbra23/pura.git
cd pura
cargo build --release

Usage

Pura can be used as a standalone container runtime, like runc, with the OCI-compliant commands:

cd target/release
./pura create id123456789 --bundle /path/to/bundle
./pura start id123456789
./pura state id123456789
./pura delete id123456789

or it can be integrated with Docker:

# stop the dockerd service (NOTE: this will stop all running containers on your Linux OS)
# init-based
sudo service docker stop
# systemd-based
sudo systemctl stop docker

# run dockerd manually
sudo dockerd -H unix:///var/run/docker.sock --runtime pura=/pura-repo/target/release/pura

docker run -it --runtime pura alpine /bin/sh
/ # cat /etc/os-release
NAME="Alpine Linux"
ID=alpine
VERSION_ID=3.13.5
PRETTY_NAME="Alpine Linux v3.13"
HOME_URL="https://alpinelinux.org/"
BUG_REPORT_URL="https://bugs.alpinelinux.org/"
/ #

To avoid halting the Docker daemon every time you test, you can register the runtime in the dockerd config file, /etc/docker/daemon.json:

{
  ...
  ...
  "default-runtime": "runc",
  "runtimes": {
    "pura": {
      "path": "/pura-repo/target/release/pura"
    }
  }
  ...
  ...
}

After adding the runtimes section to daemon.json, start the Docker service and pass the --runtime pura option when starting a container. This way, after changing the source code you only need to recompile it; the Docker service does not have to be restarted.

Contribute

As this is an experimental project intended for learning purposes, anyone can submit PRs or file issues. Features left to implement are:

  • cgroups
  • seccomp
  • apparmor
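
Since cgroups, seccomp and AppArmor are listed as not yet implemented, it is worth checking what confinement the kernel actually applies to a container process. The following is an added example, not part of the pura code base: it reads the seccomp mode, LSM label and cgroup membership from a /proc/<pid> directory. The function names confinement_report and is_unconfined are hypothetical, and the script assumes an AppArmor host (on SELinux hosts attr/current holds an SELinux context instead).

```shell
#!/bin/sh
# Added example: report the kernel-side confinement of one process.
# Usage: sh confinement.sh <pid>   (defaults to the script's own process)

# confinement_report PROC_DIR  (PROC_DIR is normally /proc/<pid>)
confinement_report() {
    dir=$1
    # Seccomp field of /proc/<pid>/status: 0 = disabled, 1 = strict, 2 = filter.
    mode=$(awk '$1 == "Seccomp:" { print $2 }' "$dir/status" 2>/dev/null) || mode=
    case $mode in
        0) seccomp=disabled ;;
        1) seccomp=strict ;;
        2) seccomp=filter ;;
        *) seccomp=unknown ;;
    esac
    # LSM label; with AppArmor, "unconfined" means no profile is attached.
    label=$(cat "$dir/attr/current" 2>/dev/null | tr -d '\000')
    [ -n "$label" ] || label=unknown
    # Each cgroup line is hierarchy-ID:controllers:path; keep the unique paths.
    cgroups=$(cut -d: -f3- "$dir/cgroup" 2>/dev/null | sort -u | paste -sd, -)
    [ -n "$cgroups" ] || cgroups=unknown
    printf 'seccomp=%s lsm=%s cgroup=%s\n' "$seccomp" "$label" "$cgroups"
}

# is_unconfined PROC_DIR: succeeds when the process has neither a seccomp
# filter nor an LSM profile. The cgroup path is only reported, because a
# process that was never moved simply inherits its parent's cgroup.
is_unconfined() {
    report=$(confinement_report "$1")
    case $report in
        'seccomp=disabled lsm=unconfined '*) return 0 ;;
        *) return 1 ;;
    esac
}

confinement_report "/proc/${1:-self}"
```

Run it with the host-side PID of a container's init process and compare the output for the same image started with --runtime runc and with --runtime pura.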

License

MIT


Comments
  • Unable to bind IPC socket

    After compiling pura on my machine I get this message about not being able to bind the IPC socket... how can I solve that?

    DISTRIB_ID=Ubuntu
    DISTRIB_RELEASE=20.04
    DISTRIB_CODENAME=focal
    DISTRIB_DESCRIPTION="Ubuntu 20.04.3 LTS"
    NAME="Ubuntu"
    VERSION="20.04.3 LTS (Focal Fossa)"
    ID=ubuntu
    ID_LIKE=debian
    PRETTY_NAME="Ubuntu 20.04.3 LTS"
    VERSION_ID="20.04"
    HOME_URL="https://www.ubuntu.com/"
    SUPPORT_URL="https://help.ubuntu.com/"
    BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
    PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
    VERSION_CODENAME=focal
    UBUNTU_CODENAME=focal

    rustc 1.58.1 (db9d1b20b 2022-01-20)

    pura create hello-world-node --bundle /home/kaique/war/runc/ --console-socket /tmp/socket
    thread 'main' panicked at 'called Result::unwrap() on an Err value: Error { msg: "unable to bind IPC socket", err_type: Runtime }', src/main.rs:76:53
    note: run with RUST_BACKTRACE=1 environment variable to display a backtrace

    opened by ktfth 6
  • Is there some blog/tutorial to start with?

    Hi, this is an amazing repo! As I'm currently working on cloud-related stuff and learning Rust, this repo is great for me, thanks a lot! I want to learn this repo and try to PR something, so I wonder, is there some blog/tutorial that could help me learn this repo? Thanks :)

    opened by greenhandatsjtu 4
  • Ask for help

    How did you write this project? And is there any guidance material? I also want to write a container runtime from scratch for learning, can you help me?

    opened by Yuan-Zhuo 3
  • Add 2-way IPC channel for container <-> host

    Added kinda protocol between host and container; The container acts as a socket server giving internal info to the host and waits for the start command.

    opened by penumbra23 0
Owner
Branimir Malesevic
/ real-time rendering / game engine design && development / GPGPU / P2P apps / containers