What is Rustainer?
Rustainer is a lightweight container runtime written in Rust, designed for security, performance, and simplicity. It provides a minimalist approach to containerization with a focus on memory safety and efficient resource utilization.
How does it work?
Rustainer leverages Rust’s memory safety guarantees and zero-cost abstractions to create a secure container environment. It uses Linux namespaces, cgroups, and seccomp filters to isolate containers while maintaining minimal overhead.
Key features include:
- Memory-safe implementation: Built with Rust to eliminate entire classes of memory-related vulnerabilities
- OCI compatibility: Works with standard container images and specifications
- Minimal footprint: Designed for resource-constrained environments
- Strong isolation: Comprehensive namespace separation and security controls
- Simple CLI interface: Easy to use and integrate into existing workflows
Rustainer Architecture
Rustainer uses a modular architecture with the following components:
- Container Manager: Central component that orchestrates container lifecycle
- Image Service: Handles container image operations (pull, push, build)
- Runtime Service: Manages container execution and lifecycle
- Network Service: Configures container networking
- Storage Service: Manages volumes and persistent storage
These components interact with the Linux kernel to provide isolation and resource control through namespaces, cgroups, and seccomp filters.
Where can I get it?
Download Rustainer from GitHub and get started with it now!
If you have any problems or require assistance, please open a support issue here.
High-level architecture
Container Isolation Model
Rustainer implements a comprehensive isolation model using Linux kernel features:
- Process Namespace: Isolates process trees
- Network Namespace: Provides isolated network stack
- Mount Namespace: Isolates filesystem view
- UTS Namespace: Isolates hostname and domain name
- IPC Namespace: Isolates inter-process communication
- User Namespace: Maps container users to host users
- Seccomp Filters: Restricts system calls
- Capabilities: Fine-grained permission control
- Cgroups: Resource usage limitations
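One way to check from the host that a running container actually received the namespace, seccomp and capability controls listed above (an added example, not Rustainer's own code). It assumes the caller has already read the namespace inode numbers from `/proc/<pid>/ns/*` and the text of `/proc/<pid>/status`; `ns_of`, `status_field` and `audit` are illustrative names, and the values in `main` are constructed.

```rust
// Added example, not Rustainer source: audit isolation from /proc/<pid> data.
use std::collections::HashMap;

type NsMap = HashMap<&'static str, u64>; // namespace name -> inode from readlink
const NAMESPACES: [&str; 6] = ["pid", "net", "mnt", "uts", "ipc", "user"];
const CAP_SYS_ADMIN: u64 = 1 << 21; // capability number 21
/// Build a map from inode numbers given in NAMESPACES order.
fn ns_of(inodes: [u64; 6]) -> NsMap {
    NAMESPACES.iter().cloned().zip(inodes.iter().cloned()).collect()
}

/// Extract one "Key:\tvalue" field from /proc/<pid>/status text.
fn status_field<'a>(status: &'a str, key: &str) -> Option<&'a str> {
    status.lines().find_map(|l| {
        let (k, v) = l.split_once(':')?;
        if k == key { Some(v.trim()) } else { None }
    })
}

/// One finding per isolation control that is missing or weaker than expected.
fn audit(host: &NsMap, ctr: &NsMap, status: &str) -> Vec<String> {
    let mut findings = Vec::new();
    for ns in NAMESPACES.iter() {
        match (host.get(ns), ctr.get(ns)) {
            (Some(h), Some(c)) if h != c => {} // distinct inode: isolated
            _ => findings.push(format!("{} namespace not isolated from host", ns)),
        }
    }
    // Seccomp field: 0 = disabled, 1 = strict mode, 2 = filter mode.
    match status_field(status, "Seccomp") {
        Some("1") | Some("2") => {}
        _ => findings.push("seccomp not active".to_string()),
    }
    // CapEff is a hex bitmask of the effective capability set.
    match status_field(status, "CapEff").and_then(|h| u64::from_str_radix(h, 16).ok()) {
        Some(caps) if caps & CAP_SYS_ADMIN == 0 => {}
        Some(_) => findings.push("CAP_SYS_ADMIN is effective".to_string()),
        None => findings.push("CapEff unreadable".to_string()),
    }
    findings
}

fn main() {
    // Constructed sample: net namespace shared with host, no seccomp, full caps.
    let host = ns_of([4026531836, 4026531840, 4026531841, 4026531838, 4026531839, 4026531837]);
    let ctr = ns_of([4026532201, 4026531840, 4026532199, 4026532200, 4026532202, 4026532198]);
    let status = "Name:\tsh\nSeccomp:\t0\nCapEff:\t000001ffffffffff\n";
    for f in audit(&host, &ctr, status) { println!("FINDING: {}", f); }
}
```

The namespace check fails closed: an entry that cannot be read on either side is reported as not isolated rather than silently passed.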
Runtime Components
Rustainer consists of several key components that work together to provide a secure and efficient container experience:
- CLI: Command-line interface for user interaction
- API Server: RESTful API for programmatic control
- Container Manager: Orchestrates container lifecycle
- Image Manager: Handles container images
- Runtime Manager: Interfaces with OCI runtimes
- Storage Manager: Manages overlay filesystems and volumes
- Network Manager: Configures container networking with CNI plugins
Getting Started
Installation
# Clone the repository
git clone https://github.com/ao/rustainer.git
cd rustainer
# Build the project
cargo build --release
# Install the binary
sudo cp target/release/rustainer /usr/local/bin/
Basic Usage
# Run a container
rustainer run --image alpine:latest --name my-container
# List running containers
rustainer list
# Execute a command in a running container
rustainer exec my-container /bin/sh
# Stop a container
rustainer stop my-container