Rootless networking: From possible to practical - David Gibson (Everything Open 2024)
Presented by David Gibson
Containers have become the go-to approach for deploying and isolating software. They give the illusion of a full system managed by the application, while actually allowing a host to run many isolated workloads side by side. Virtual Machines, which preceded containers and still have uses today, achieve a similar result in a different way.
In both cases the underlying technology (user namespaces for containers, hardware CPU virtualisation for VMs) can be used by a non-privileged user, so in theory it should be best practice to run containers and VMs without root. But most guests need a network connection to the outside world, and so far that has required one of two choices:
1) Attach the guest to a network interface (typically a tap or veth device) routed or bridged through the host kernel. That works well, but creating such a device requires CAP_NET_ADMIN in the host's network namespace, so it needs root on the host or at least some kind of administratively privileged helper infrastructure.
2) Use a "rootless" network. This approach, typically based on libslirp, runs a user-space TCP/IP stack and can be used without administrative assistance, but it has poor performance, requires awkward NAT between the guest and host address spaces, and has other limitations.
So, networking requiring privileged setup has been the norm for all production deployments of both containers and VMs, with rootless networks relegated to "quick and dirty" testing and experimental jobs.
In the last two years, Stefano Brivio and I have written passt & pasta. While superficially similar to Slirp, these tools are dramatically faster (usually 10 or more times the throughput), don't require NAT, and have a generally more modern and robust design. This makes rootless networking practical for production cases, not just experiments and tests.
This talk describes how this can be used to build practical rootless networks today using integration with tools like Podman and libvirt and examines some of the use cases that this now allows.
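As an added example of the libvirt integration mentioned above (this is not from the talk and not the passt project's own documentation), here is a libvirt domain `<interface>` that uses passt as the backend of a user-mode network. It assumes libvirt with the passt backend, which was added in libvirt 9.0, and a guest started under the unprivileged `qemu:///session` URI; the MAC address and port numbers are made-up values.

```xml
<!-- Added example, not from the talk: a libvirt user-mode interface backed by passt.
     Because passt runs as the same unprivileged user as QEMU, no tap device, bridge or
     setuid helper is needed on the host. MAC and ports below are made-up values. -->
<interface type='user'>
  <!-- Select passt instead of the default SLIRP-style stack; logFile is optional -->
  <backend type='passt' logFile='/tmp/passt-guest.log'/>
  <mac address='52:54:00:12:34:56'/>
  <!-- Inbound access to guest services. passt gives the guest the host's own address,
       so there is no NAT; these forwards are plain port mappings host:2222 -> guest:22
       and host:8080 -> guest:80. Each range is a listening socket on the host, so
       forward only what the guest actually has to expose. -->
  <portForward proto='tcp'>
    <range start='2222' to='22'/>
    <range start='8080' to='80'/>
  </portForward>
</interface>
```

With this in the domain XML, `virsh --connect qemu:///session define` and `start` bring the guest up without any privileged network setup on the host. The Podman equivalent is `podman run --network=pasta ...` (pasta has been the default network mode for rootless Podman since Podman 5.0), with `-p host:guest` publishing ports the same way `<portForward>` does here.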
https://2024.everythingopen.au/schedule/presentation/37/
From Everything Open 2024 - Gladstone, QLD, Australia
Everything Open is a conference focused on open technologies, including Linux, open source software, open hardware and open data, and the communities that surround them. The conference provides technical deep-dives as well as updates from industry leaders and experts on a wide array of topics from these areas.
Video licensed as CC BY-NC-SA 4.0 - https://creativecommons.org/licenses/by-nc-sa/4.0/
Produced by Linux Australia: https://linux.org.au
#everythingopen #linuxconfau #linux #foss #opensource