Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Show HN: Vas-quod – A minimal Linux container runtime written in Rust (github.com/flouthoc)
110 points by flhoc on Dec 28, 2020 | hide | past | favorite | 25 comments


Nice work on this! If you cut out a bunch of the features supported by other containerization systems, the code gets quite short. My first one was in C and only a couple hundred lines. I worked on a full-featured rust container runtime while I was at Oracle. It is compatible with the oci-runtime spec, so can be used as a runtime for docker or kubernetes. The most up to date fork is at https://github.com/drahnr/railcar if you want to take a look at it for any ideas.


Sure, I have already heard of railcar before. I'll take a look at this again then i'll try to improvise vas-quod


Just curious.Why did oracle archive railcar.


I was the main developer with a little support from the rest of my team. I moved on a couple of years ago and my team was RIFed a few months later, so likely they don't have anyone left to work on it.


Hey cool, I was just about to spend a bunch of time writing pretty much the same thing.

What's up with the name? It is cool. But it is weird. In fact it is cool-weird.


vas-quod is latin for container.


Feel free to fork and extend.


Less then 200 lines of code? That is very minimal :)


There is this roadmap https://github.com/flouthoc/vas-quod#roadmap


Reminded me of Docker in Bash: https://github.com/p8952/bocker


lol yeah but i guess it'll grow in size with few more components.


given there's an unshare in linux-util, i think it would be possible to even do this with a shell script. :)


Enroot does exactly that: https://github.com/NVIDIA/enroot


true there is https://github.com/p8952/bocker.


<naming rant> What is wrong with the simpler 'vasquod'??</naming rant> :-)


Hahahah I'll try to fix the name


I second that :-)


Always wish we could run a container system like this without sudo/root access.


Podman allows you to run containers without root privileges, in case you aren't aware. But maybe you mean something else?


I wasn't aware of that. Thanks for bringing it to my attention!


Which container system can't run this way? I've only used Docker which does run rootless.


Podman has the added value of running daemonless too


Pretty neat, minimal and functional


Any security concerns?


its not 100% secure as of now.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: