Expand description
Lightweight systemd-nspawn container manager with overlayfs.
sdme manages containers backed by explicit root filesystems, keeping
the base rootfs untouched via overlayfs copy-on-write. Each container
gets upper/work/merged directories under the data directory and a
KEY=VALUE state file that tracks its metadata.
Requires Linux with systemd (>= 255) and root privileges.
§Modules
| Module | Purpose |
|---|---|
containers | Create, remove, join, exec, stop, list |
systemd | D-Bus helpers and template unit management |
import | Rootfs import (dir, tar, URL, OCI, QCOW2) |
oci | OCI registry, layout, app setup, blob cache |
kube | Kubernetes Pod YAML support |
export | Rootfs export (dir, tarball, raw image) |
rootfs | Rootfs listing, removal, os-release parsing |
build | Build config parsing and rootfs build execution |
config | Configuration file loading and saving |
lock | Advisory file locking for resource protection |
mounts | Bind mount and environment variable config |
network | Network configuration and state serialization |
security | Capability, seccomp, AppArmor config |
system_check | Version and dependency checks |
pod | Shared network namespace management |
txn | Enumerated transaction staging and gc |
Re-exports§
pub use mounts::BindConfig;pub use mounts::EnvConfig;pub use network::NetworkConfig;pub use security::SecurityConfig;
Modules§
- build
- Build root filesystems from a Dockerfile-like configuration.
- config
- Internal API for managing sdme configuration.
- containers
- Internal API for container filesystem, state, and runtime management.
- cp
- File copy between host, containers, and root filesystems.
- export
- Rootfs export: directory copy, tarball creation, raw disk image.
- import
- Rootfs import logic: directory copy, tarball extraction, URL download, OCI image, registry pull, and QCOW2 support.
- kube
- Kubernetes Pod YAML support for sdme.
- lock
- Advisory file locking for resource protection across all mutating operations.
- mounts
- Bind mount and environment variable configuration for containers.
- network
- Network configuration for containers.
- oci
- OCI container image support: layout parsing, registry pulling, app setup, and caching.
- pod
- Pod network namespace management.
- rootfs
- Internal API for managing root filesystems used as overlayfs lower layers.
- security
- Security configuration for containers.
- system_
check - Runtime dependency and version checks.
- systemd
- Internal API for managing interactions with systemd and D-Bus.
- txn
- Enumerated transaction staging for filesystem operations.
Structs§
- Download
Progress - Download progress display for interactive terminals.
- Interrupt
Guard - RAII guard that saves and resets interrupt state on creation, and restores it on drop.
- Resource
Limits - Resource limits that map to systemd cgroup directives.
- State
- Container metadata stored as KEY=VALUE pairs in a state file.
- Sudo
User - Information about the real user behind
sudo.
Statics§
- INTERRUPTED
- Global flag set by the SIGINT/SIGTERM handler; checked by
check_interrupted.
Functions§
- atomic_
write - Write data to a file atomically via a temporary file and rename.
- atomic_
write_ mode - Write data to a file atomically with explicit permissions.
- check_
interrupted - Return
Errif the global SIGINT/SIGTERM flag is set. - confirm
- Prompt the user for yes/no confirmation, returning
Ok(true)for “y”. - confirm_
default_ yes - Prompt the user for yes/no confirmation, returning
Ok(true)for “y” or empty input (Enter). Only “n”/“no” returnsfalse. - install_
interrupt_ handler - Install the SIGINT and SIGTERM handler that sets the global
INTERRUPTEDflag. - interrupt_
exit_ code - Return the exit code appropriate for signal-terminated processes.
- parse_
size - Parse a human-readable size string (e.g. “10G”, “512M”) into bytes.
- read_
line_ interruptible - Read a line from stdin, returning
ErrorKind::Interruptedif a signal interrupts the read. - reset_
interrupt - Reset the interrupt flag and re-install the signal handler.
- restore_
interrupt - Restore a previously saved interrupt state.
- save_
and_ reset_ interrupt - Save the current interrupt state and reset it.
- sudo_
user - Returns info about the real user behind
sudo, if applicable. - validate_
name - Validate a container name.