nucleus-container 0.2.0

Extremely lightweight Docker alternative for agents and production services — isolated execution using cgroups, namespaces, seccomp, Landlock, and gVisor
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48

//! Example: Container with pre-populated context
//!
//! This example shows how to pre-populate a container with files
//! that the containerized process can access.
//! Note: Requires root privileges to run.

use nucleus::container::{Container, ContainerConfig};
use nucleus::error::Result;
use nucleus::isolation::NamespaceConfig;
use nucleus::resources::ResourceLimits;
use tempfile::TempDir;

fn main() -> Result<()> {
    // Create temporary context directory with sample files
    let temp_dir = TempDir::new()?;
    let context_path = temp_dir.path();

    std::fs::write(context_path.join("data.txt"), "Sample data for agent")?;
    std::fs::write(context_path.join("config.json"), r#"{"key": "value"}"#)?;

    println!("Context directory: {:?}", context_path);

    // Create container configuration
    let limits = ResourceLimits::unlimited()
        .with_memory("512M")?
        .with_cpu_cores(2.0)?;

    let config = ContainerConfig::try_new(
        Some("context-example".to_string()),
        vec![
            "/bin/sh".to_string(),
            "-c".to_string(),
            "ls -la /context && cat /context/data.txt".to_string(),
        ],
    )?
    .with_context(context_path.to_path_buf())
    .with_limits(limits)
    .with_namespaces(NamespaceConfig::all());

    // Run container
    println!("Starting container with context...");
    let container = Container::new(config);
    let exit_code = container.run()?;

    println!("Container exited with code: {}", exit_code);

    Ok(())
}