Easy to use, extendable, OCI-compliant container runtime written in pure Rust

Last update: Jan 9, 2023

Overview

PURA - Lightweight & OCI-compliant container runtime

Pura is an experimental Linux container runtime written in pure and dependency-minimal Rust. The intent was to explore the OCI runtime spec and see how the integration with Docker would work. It's a hobby project and should be considered as a starting point for learning how container runtimes work and interact with the Linux kernel features.

⚠️ DON'T USE THIS IN PRODUCTION

Pura works and it's only feature tested, but no official security audit has been done, so please use this code exclusively to learn and expand the codebase. If you want a production-grade container runtime that's written in Rust, use the excellent Youki runtime.

Intro

The goal of Pura was to learn how container runtimes work and how container engines integrate an OCI-compliant implementation. The only requirement was to be as dependency free as possible with a small memory footprint. Binaries built for release mode are all <5MB.

Pura was tested on the following distros (standalone binary and Docker integration):

Debian 11
Fedora 29
CentOS 7
Ubuntu 18.04 & 20.04
OpenSUSE 15

Build

Prerequisites:

Rust 1.54 or later
libc:
- Debian: apt-get install build-essential
- Fedora: dnf install gcc
- CentOS: yum install gcc

Build as a usual Rust project:

git clone [email protected]:penumbra23/pura.git
cd pura
cargo build --release

Usage

Pura can be used as a standalone container runtime like runc with the OCI compliant commands:

cd target/release
./pura create id123456789 --bundle /path/to/bundle
./pura start id123456789
./pura state id123456789
./pura delete id123456789

or it can be integrated with Docker:

# stop the dockerd service (NOTE: this will stop all running containers on your Linux OS)
# init-based
sudo service docker stop
# systemd-based
sudo systemctl stop docker

# run dockerd manually
sudo dockerd -H unix:///var/run/docker.sock --runtime pura=/pura-repo/target/release/pura

docker run -it --runtime pura alpine /bin/sh
/ # cat /etc/os-release
NAME="Alpine Linux"
ID=alpine
VERSION_ID=3.13.5
PRETTY_NAME="Alpine Linux v3.13"
HOME_URL="https://alpinelinux.org/"
BUG_REPORT_URL="https://bugs.alpinelinux.org/"
/ #

To avoid halting the Docker daemon everytime you test, you can add it inside the dockerd config file, /etc/docker/daemon.json:

{
  ...
  ...
  "default-runtime": "runc",
  "runtimes": {
    "pura": {
      "path": "/pura-repo/target/release/pura"
    }
  }
  ...
  ...
}

After adding the runtime section inside daemon.json just start the Docker service and specify the --runtime pura option when starting a container. This way, when changing the source code just recompile it without restarting the Docker service.

Contribute

As this is a experimental project intended for learing purposes, anyone can submit PRs or file issues. Features left to implement are:

cgroups
seccomp
apparmor

License

MIT

insject is a tool for poking at containers. It enables you to run an arbitrary command in a container or any mix of Linux namespaces.

Insject insject is a tool for poking at containers. It enables you to run an arbitrary command in a container or any mix of Linux namespaces. It suppo

44 Nov 9, 2022

Hot-plug devices into a Docker container as they are plugged.

container-hotplug Hot-plug (and unplug) devices into a Docker container as they are (un)plugged. Description Docker provides the --device flag to give

2 Oct 17, 2022

Rust Kubernetes client and controller runtime

kube-rs Rust client for Kubernetes in the style of a more generic client-go, a runtime abstraction inspired by controller-runtime, and a derive macro

1.8k Jan 8, 2023

Qovery Engine is an open-source abstraction layer library that turns easy apps deployment on AWS, GCP, Azure, and other Cloud providers in just a few minutes.

1.9k Jan 4, 2023

Desktop launcher to install and use Holochain apps locally

Holochain Launcher A cross-platform executable that launches a local Holochain conductor, and installs and opens apps. Feedback is immensely welcome i

58 Dec 30, 2022

A simple containerized application manage system like Kubernetes, but written in Rust

rMiniK8s A simple dockerized application management system like Kubernetes, written in Rust, plus a simple FaaS implementation. Course Project for SJT

15 Jul 8, 2023

Automated builded images for rust-lang with rustup, "the ultimate way to install RUST"

rustup Automated builded images on store and hub for rust-lang with musl added, using rustup "the ultimate way to install RUST". tag changed: all3 -

83 Nov 30, 2022

docker-rust — the official Rust Docker image

About this Repo This is the Git repo of the Docker official image for rust. See the Docker Hub page for the full readme on how to use this Docker imag

321 Dec 11, 2022

Docker images for compiling static Rust binaries using musl-libc and musl-gcc, with static versions of useful C libraries. Supports openssl and diesel crates.

rust-musl-builder: Docker container for easily building static Rust binaries Source on GitHub Changelog UPDATED: Major updates in this release which m

1.3k Jan 1, 2023

Comments

Unable to bind IPC socket

After compile pura on my machine I have that message related to not bind to IPC socket... how can i solve that?

DISTRIB_ID=Ubuntu DISTRIB_RELEASE=20.04 DISTRIB_CODENAME=focal DISTRIB_DESCRIPTION="Ubuntu 20.04.3 LTS" NAME="Ubuntu" VERSION="20.04.3 LTS (Focal Fossa)" ID=ubuntu ID_LIKE=debian PRETTY_NAME="Ubuntu 20.04.3 LTS" VERSION_ID="20.04" HOME_URL="https://www.ubuntu.com/" SUPPORT_URL="https://help.ubuntu.com/" BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/" PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy" VERSION_CODENAME=focal UBUNTU_CODENAME=focal

rustc 1.58.1 (db9d1b20b 2022-01-20)

pura create hello-world-node --bundle /home/kaique/war/runc/ --console-socket /tmp/socket thread 'main' panicked at 'called Result::unwrap() on an Err value: Error { msg: "unable to bind IPC socket", err_type: Runtime }', src/main.rs:76:53 note: run with RUST_BACKTRACE=1 environment variable to display a backtrace

opened by ktfth 6
Is there some blog/tutorial to start with?

Hi, this is an amazing repo! As I'm currently working on cloud-related stuff and learning Rust, this repo is great for me, thank's a lot! I want to learn this repo and try to PR somethng, so I wonder is there some blog/tutorial that could help me learn this repo? Thanks :)

opened by greenhandatsjtu 4
Ask for help

How did you write this project? And is there any guidance material? I also want to write a container runtime from scratch for learning, can you help me?

opened by Yuan-Zhuo 3
Add 2-way IPC channel for container <-> host

Added kinda protocol between host and container; The container acts as a socket server giving internal info to the host and waits for the start command.

opened by penumbra23 0