356d1be140
'--rootless' flag lets a non-root user execute 'runsc do'. The drawback is that the sandbox and gofer processes will run as root inside a user namespace that is mapped to the caller's user, intead of nobody. And network is defaulted to '--network=host' inside the root network namespace. On the bright side, it's very convenient for testing: runsc --rootless do ls runsc --rootless do curl www.google.com PiperOrigin-RevId: 252840970 |
||
|---|---|---|
| .. | ||
| test_app | ||
| BUILD | ||
| console_test.go | ||
| container.go | ||
| container_test.go | ||
| hook.go | ||
| multi_container_test.go | ||
| shared_volume_test.go | ||
| status.go | ||