356d1be140
'--rootless' flag lets a non-root user execute 'runsc do'. The drawback is that the sandbox and gofer processes will run as root inside a user namespace that is mapped to the caller's user, intead of nobody. And network is defaulted to '--network=host' inside the root network namespace. On the bright side, it's very convenient for testing: runsc --rootless do ls runsc --rootless do curl www.google.com PiperOrigin-RevId: 252840970 |
||
---|---|---|
.. | ||
test_app | ||
BUILD | ||
console_test.go | ||
container.go | ||
container_test.go | ||
hook.go | ||
multi_container_test.go | ||
shared_volume_test.go | ||
status.go |