This commit containers the following changes:
- Fix fd forwarding in exec
- Fix exists_exec algorithm for path to executable contains symlinks parent
- Fix mount destination when using as alias
- Add Device directive for changing devfs rules
- Executables are now able to run as non-root user by name or uid/gid
- Refactored the supervisor loop to make it run in child process, still
keeping parent side of the run loop to poll in updates and eventually,
event streams.
- The ultimate plan is to allow the supervisor loop "detach" from the main
process, and allow a replacement process to adopt the loop. Such that
the daemon can be restart/update without bringing all the running containers
with it.
Previously the checks and global resource allocation all happen in one place, this commit
move out the checks that does not require resource allocation. This allows us to warn the
user ahead of time about potentially risky container creation without restore allocated
resources.
The old image store does not account for hostname and does not keep track
of manifests that belongs to a repo but without a tag. This is essential
as otherwise we cannot reliably implement hostname <+> name based ACL to
the images
This commit contains a few changes:
- Updated clap to version 4, which introduced quite a bit of changes
- Since we are refactoring the CLI interface, take the chance to also make
importing and patching images easier
- Turns out we support nullfs mount files now, remove the checks to ensure
both the source and mountpoint to be directory with checking if they
are the same file, and only directory or file
- add a column in sqlite to store the origin of each fs layer
- on push layer, we try mount the layer from the other repo with the same name as the origin of the layer
