crun-sys 0.1.1

Rust FFI bindings for libcrun (OCI container runtime, Linux only)
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146

# crun-sys

Low-level Rust FFI bindings for [libcrun](https://github.com/containers/crun), the OCI container runtime library.

## Overview

This crate provides raw C bindings generated by [bindgen](https://github.com/rust-lang/rust-bindgen). It exposes the libcrun API for creating, running, and managing OCI containers.

## Platform Support

| Platform | Status |
|----------|--------|
| Linux    | ✅ Full support |
| macOS    | ⚠️ Stub module (compiles, no functionality) |
| Windows  | ⚠️ Stub module (compiles, no functionality) |

**libcrun is Linux-only** — it relies on Linux-specific features:
- cgroups (v1 and v2)
- namespaces (user, pid, network, mount, etc.)
- seccomp (syscall filtering)
- capabilities

On non-Linux platforms, this crate provides a stub module that allows dependent code to compile but provides no runtime functionality.

## Requirements (Linux)

- **libcrun** >= 1.8
- **pkg-config** (for library discovery)
- Development headers for libcrun and dependencies

### Debian/Ubuntu

```bash
apt-get install libcrun-dev libyajl-dev libseccomp-dev libcap-dev pkg-config
```

### Fedora/RHEL

```bash
dnf install crun-devel yajl-devel libseccomp-devel libcap-devel pkgconf-pkg-config
```

### Arch Linux

```bash
pacman -S crun libseccomp libcap
```

## Usage

Add to your `Cargo.toml`:

```toml
[dependencies]
crun-sys = "0.1"
```

### Example (Linux)

```rust
use crun_sys::*;
use std::ffi::CString;
use std::ptr;

fn main() {
    // All FFI functions are unsafe
    unsafe {
        let mut err: libcrun_error_t = ptr::null_mut();
        
        // Load container from OCI config JSON
        let config = CString::new(r#"{"ociVersion": "1.0.0", ...}"#).unwrap();
        let container = libcrun_container_load_from_memory(
            config.as_ptr(),
            &mut err,
        );
        
        if container.is_null() {
            // Handle error, then release
            crun_error_release(&mut err);
            return;
        }
        
        // ... use container ...
        
        libcrun_container_free(container);
    }
}
```

## Safety

All functions in this crate are `unsafe` as they are direct C FFI bindings. The caller **must** ensure:

| Requirement | Description |
|-------------|-------------|
| Pointer validity | All pointers must be valid and properly aligned |
| Null-termination | All C strings must be null-terminated (`CString`) |
| Lifetime management | Contexts and containers must be properly freed |
| Error handling | `libcrun_error_t` must be released via `crun_error_release()` |
| Thread safety | libcrun contexts are **NOT** thread-safe |

## Building from Source

```bash
# Clone the repository
git clone https://github.com/magikrun/magik.git
cd magik/crun-sys

# Build (Linux)
cargo build

# Build (non-Linux) - produces stub module
cargo build  # Warning: libcrun is Linux-only, building stub module

# Run tests
cargo test
```

### Static Builds with musl

For fully portable static binaries that run on any Linux distribution:

```bash
# On Alpine Linux (native musl)
apk add rust cargo libcrun-static libseccomp-static libcap-static yajl-static
cargo build --release

# On other distros - build libcrun from source with musl
# See .github/workflows/ci.yml for the full build process
```

The resulting binary will have zero runtime dependencies.

## Related Crates

- **crun-sys** (this crate) — Raw FFI bindings
- **machineplane** — High-level safe Rust wrapper with `CrunEngine`

## License

Apache-2.0

## Upstream

- libcrun: https://github.com/containers/crun
- Minimum supported version: 1.8