v2.3.1

Changes

• Fixed the pipeline for the binary release (#462)

Install

mkdir -p ~/bin
curl -sSL https://github.com/rootless-containers/rootlesskit/releases/download//rootlesskit-$(uname -m).tar.gz | tar Cxzv ~/bin

About the binaries

The binaries were built automatically on GitHub Actions.
See the log to verify SHA256SUMS.
https://github.com/rootless-containers/rootlesskit/actions/runs/10434698179
The sha256sum of the SHA256SUMS file itself is a833d35ae59e64152706f93c0cfe2ec33feef29971794ee52de070184fc1222b .

v2.3.0

Note

Binaries are missing in this release due to #461 .
Will be fixed in v2.3.1.

What's Changed

• Let pasta configure interface, fix IPv6 outbound connectivity by @sbrivio-rh in #458
• Deprecate rootlesskit-docker-proxy (no longer needed since Docker v28) by @AkihiroSuda in #459

New Contributors

• @sbrivio-rh made their first contribution in #458

Full Changelog: v2.2.0...v2.3.0

v2.2.0

Changes

• Add execution branch for socket activation to correct LISTEN_PID (#449, thanks to @alopukhov)
• Fix DNS not being accessible with slirp4netns on hosts with IPv6-only nameservers (#438, thanks to @redoste)

Full changes: https://github.com/rootless-containers/rootlesskit/milestone/9?closed=1

Install

mkdir -p ~/bin
curl -sSL https://github.com/rootless-containers/rootlesskit/releases/download//rootlesskit-$(uname -m).tar.gz | tar Cxzv ~/bin

About the binaries

The binaries were built automatically on GitHub Actions.
See the log to verify SHA256SUMS.
https://github.com/rootless-containers/rootlesskit/actions/runs/9967416170
The sha256sum of the SHA256SUMS file itself is 842d2d05e3b2e96a15507581b58219bb75e71192b2c9d32c3a027a62861c99ca .

v2.1.0

Changes

• Support --net=none (#430, thanks to @antrusd)
• Support systemd socket activation (#429, thanks to @charliemirabile)

Full changes: https://github.com/rootless-containers/rootlesskit/milestone/8?closed=1

Install

mkdir -p ~/bin
curl -sSL https://github.com/rootless-containers/rootlesskit/releases/download//rootlesskit-$(uname -m).tar.gz | tar Cxzv ~/bin

About the binaries

The binaries were built automatically on GitHub Actions.
See the log to verify SHA256SUMS.
https://github.com/rootless-containers/rootlesskit/actions/runs/8841780701
The sha256sum of the SHA256SUMS file itself is dc49dda422704b6b9fc6e2bc7fcdf436f437fc98fa0ff1bcdcc38687954baadd .

v2.0.2

Changes

• Print hints if kernel.apparmor_restrict_unprivileged_userns is set
• Update Go to 1.22 (#422)

Full changes: https://github.com/rootless-containers/rootlesskit/milestone/7?closed=1

Install

mkdir -p ~/bin
curl -sSL https://github.com/rootless-containers/rootlesskit/releases/download//rootlesskit-$(uname -m).tar.gz | tar Cxzv ~/bin

About the binaries

The binaries were built automatically on GitHub Actions.
See the log to verify SHA256SUMS.
https://github.com/rootless-containers/rootlesskit/actions/runs/8163783724
The sha256sum of the SHA256SUMS file itself is b1e3afe86589cffe1ffa8e5978922df28924637c62ba08ffb8c9fb41231494e9 .

v2.0.1

Changes

• lxc-user-nic: fix /etc/resolv.conf missing IP (#419)

Full changes: https://github.com/rootless-containers/rootlesskit/milestone/6?closed=1

Install

mkdir -p ~/bin
curl -sSL https://github.com/rootless-containers/rootlesskit/releases/download//rootlesskit-$(uname -m).tar.gz | tar Cxzv ~/bin

About the binaries

The binaries were built automatically on GitHub Actions.
See the log to verify SHA256SUMS.
https://github.com/rootless-containers/rootlesskit/actions/runs/7793948990
The sha256sum of the SHA256SUMS file itself is 262930950ccc1406ad75b2af45adcd9032375feaf92ade68d6ae76cdd39abd11 .

v2.0.0

Changes

Support detach-netns (#379 , thanks to @fahedouch)

The --detach-netns mode detaches the network namespace associated with slirp4netns, etc. into $ROOTLESSKIT_STATE_DIR/netns,
and executes the child command in the host's network namespace.

The child command can enter $ROOTLESSKIT_STATE_DIR/netns by itself to create nested network namespaces inside it for CNI, etc.

This will be used for:

• Accelerating (and deflaking) nerdctl (push|pull|build).
• Supporting nerdctl run --net=host

See containerd/nerdctl#2723 for how nerdctl will adopt the --detach-netns mode.

New network driver: pasta (with port driver implicit) (#358)

Pasta(https://passt.top/passt/) is similar to slirp4netns but its port forwarder achieves better throughput than slirp4netns port driver.
It is still not faster than RootlessKit's builtin port driver, but unlike the builtin port driver, pasta can retain source IP address information.

Network driver	Port driver	Net throughput	Port throughput	Src IP	No SUID	Note
slirp4netns	builtin	Slow	Fast ✅	❌	✅
slirp4netns	slirp4netns	Slow	Slow	✅	✅
pasta	implicit	Slow	Fast ✅	✅	✅	Experimental
lxc-user-nic	builtin	Fast ✅	Fast ✅	❌	❌	Experimental
(bypass4netns)	(bypass4netns)	Fast ✅	Fast ✅	✅	✅	Not integrated to RootlessKit

Usage: rootlesskit --net=pasta --port-driver=implicit

• No support for explicit port forwarding (rootlessctl add-ports),
  as pasta doesn't support it yet.
  Use --port-driver=implicit to let pasta forward TCP ports implicitly.
  The forwarded ports are not visible in rootlessctl list-ports.

• Needs very recent version of pasta (2023_12_04.b86afe3)

Add --print-semver=(major|minor|patch) (#381)

Full changes: https://github.com/rootless-containers/rootlesskit/milestone/5?closed=1

Install

mkdir -p ~/bin
curl -sSL https://github.com/rootless-containers/rootlesskit/releases/download//rootlesskit-$(uname -m).tar.gz | tar Cxzv ~/bin

About the binaries

The binaries were built automatically on GitHub Actions.
See the log to verify SHA256SUMS.
https://github.com/rootless-containers/rootlesskit/actions/runs/7523006764
The sha256sum of the SHA256SUMS file itself is 86f558c55497f1df37de1f24aee3c3ac6f3231e2262ea2910362ba3f90ef534d .

v2.0.0-beta.0

Changes

support detach-netns (#379 , thanks to @fahedouch)

Planned to be used for:

• accelerating (and deflaking) nerdctl pull and nerdctl build
• supporting nerdctl run --net=host

new network driver: pasta (with port driver implicit) (#358)

Pasta: https://passt.top/passt/
Usage: rootlesskit --net=pasta --port-driver=implicit

• No support for explicit port forwarding (rootlessctl add-ports),
  as pasta doesn't support it yet.
  Use --port-driver=implicit to let pasta forward TCP ports implicitly.
  The forwarded ports are not visible in rootlessctl list-ports.

• Needs very recent version of pasta (2023_12_04.b86afe3)

Add --print-semver=(major|minor|patch) (#381)

Full changes: https://github.com/rootless-containers/rootlesskit/milestone/5?closed=1

Install

mkdir -p ~/bin
curl -sSL https://github.com/rootless-containers/rootlesskit/releases/download//rootlesskit-$(uname -m).tar.gz | tar Cxzv ~/bin

About the binaries

The binaries were built automatically on GitHub Actions.
See the log to verify SHA256SUMS.
https://github.com/rootless-containers/rootlesskit/actions/runs/7484539298
The sha256sum of the SHA256SUMS file itself is 05e6635dbce6f712ad4f24acc4e916c98983abde875317219e8fd896babd8ceb .

v2.0.0-alpha.2

Changes

support detach-netns (#379 , thanks to @fahedouch)

Planned to be used for:

• accelerating (and deflaking) nerdctl pull and nerdctl build
• supporting nerdctl run --net=host

new network driver: pasta (with port driver implicit) (#358)

Pasta: https://passt.top/passt/
Usage: rootlesskit --net=pasta --port-driver=implicit

• No support for explicit port forwarding (rootlessctl add-ports),
  as pasta doesn't support it yet.
  Use --port-driver=implicit to let pasta forward TCP ports implicitly.
  The forwarded ports are not visible in rootlessctl list-ports.

• Needs very recent version of pasta (2023_12_04.b86afe3)

Add --print-semver=(major|minor|patch) (#381)

Full changes: https://github.com/rootless-containers/rootlesskit/milestone/5?closed=1

Install

mkdir -p ~/bin
curl -sSL https://github.com/rootless-containers/rootlesskit/releases/download//rootlesskit-$(uname -m).tar.gz | tar Cxzv ~/bin

About the binaries

The binaries were built automatically on GitHub Actions.
See the log to verify SHA256SUMS.
https://github.com/rootless-containers/rootlesskit/actions/runs/7087369125
The sha256sum of the SHA256SUMS file itself is cbf6e81cd4fc638a22bb08eb151d1a2b31886b8f6006242d0922cdad7340f6d8 .

v2.0.0-alpha.1

Changes

support detach-netns (#379 , thanks to @fahedouch)

Planned to be used for:

• accelerating (and deflaking) nerdctl pull and nerdctl build
• supporting nerdctl run --net=host

new network driver: pasta (with port driver implicit) (#358)

Pasta: https://passt.top/passt/
Usage: rootlesskit --net=pasta --port-driver=implicit

• No support for explicit port forwarding (rootlessctl add-ports),
  as pasta doesn't support it yet.
  Use --port-driver=implicit to let pasta forward TCP ports implicitly.
  The forwarded ports are not visible in rootlessctl list-ports.

• No support for forwarding UDP ports

• Tested with pasta 2023_06_25.32660ce on Ubuntu 23.04.
  Doesn't work with 2023_06_03.429e1a7: Option --no-copy-routes needs --config-net
  (This is printed despite that --no-copy-routes is not specified)

• Doesn't work with Ubuntu 23.04's dpkg (passt_0.0~git20230216.4663ccc-1_amd64.deb):
  Couldn't open user namespace /proc/51813/ns/user: Permission denied
  Likely to be related to AppArmor.
  sudo apparmor_parser -R /etc/apparmor.d/usr.bin.passt can eliminate this error, but pasta still fails with another error ( Couldn't get any nameserver address)

Add --print-semver=(major|minor|patch) (#381)

Full changes: https://github.com/rootless-containers/rootlesskit/milestone/5?closed=1

Install

mkdir -p ~/bin
curl -sSL https://github.com/rootless-containers/rootlesskit/releases/download/v2.0.0-alpha.0/rootlesskit-$(uname -m).tar.gz | tar Cxzv ~/bin

Install

mkdir -p ~/bin
curl -sSL https://github.com/rootless-containers/rootlesskit/releases/download//rootlesskit-$(uname -m).tar.gz | tar Cxzv ~/bin

About the binaries

The binaries were built automatically on GitHub Actions.
See the log to verify SHA256SUMS.
https://github.com/rootless-containers/rootlesskit/actions/runs/6450538315
The sha256sum of the SHA256SUMS file itself is cecafe5edfe8bcd46282173a5bd712de53806d5b6e843f18e88b09a441d45d83 .