rootless-containers / usernetes

Kubernetes without the root privileges

Home Page: https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/2033-kubelet-in-userns-aka-rootless

"portable" manual start/stop

Swivelgames opened this issue

Is it possible to use Usernetes in a sort-of "portable" fashion, without the need to even install it under $HOME? This could prove to be useful for temporarily mounting it within an existing container, or deploying it locally without the worry of conflicting with an existing instance.

I naively attempted to run the rootlesscontainers/usernetes docker container using rootless docker but, to be expected, that failed. Definitely a hacky attempt, so I wasn't entirely surprised it didn't work.

But, for reference, the code I attempted can be found here: https://gitlab.com/swivel/isolated-dockerd

For anyone interested:

  • Start docker with ./run.sh
  • Attempt to use Usernetes with ./usernetes.sh in another Terminal
  • Use ./d if you want to interface with the dockerd instance

My next attempt would probably be to write a script to manually start each of the systemd services. I have a feeling this is going to be a bit of work.

Looking into whether or not portabled would be suitable, leveraging --user --machine=$USER@.host

portabled

Do you mean systemd-portabled, or something else?

Usernetes depends on systemd for cgroup delegation, so systemd-less cannot support cgroups.
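The cgroup delegation the reply above relies on can be checked from the unprivileged user's side before trying to run Usernetes. The script below is an added example, not code from the usernetes project: it assumes cgroup v2 with systemd's standard user slice layout (/sys/fs/cgroup/user.slice/user-UID.slice/user@UID.service), and the required controller set (cpu, cpuset, io, memory, pids) is this example's assumption of what a rootless Kubernetes node needs.

```shell
#!/bin/sh
# Added example (not from the usernetes project): verify that systemd has
# delegated the cgroup v2 controllers a rootless container runtime needs to
# the current user's session, and show the drop-in an administrator would
# use to enable delegation if it is missing.

# Path of the cgroup.controllers file for a user's systemd service under
# cgroup v2 (assumes the standard user.slice layout).
user_cgroup_controllers_path() {
  uid="${1:-$(id -u)}"
  echo "/sys/fs/cgroup/user.slice/user-${uid}.slice/user@${uid}.service/cgroup.controllers"
}

# Read a cgroup.controllers file and return 0 when every required controller
# is delegated; print the missing ones and return 1 otherwise. Returns 2 when
# the file cannot be read (no cgroup v2, or no systemd user session).
check_delegated_controllers() {
  file="$1"
  required="${2:-cpu cpuset io memory pids}"   # assumed required set
  [ -r "$file" ] || { echo "cannot read $file: cgroup v2 delegation not active?"; return 2; }
  present=" $(tr '\n' ' ' < "$file") "
  missing=""
  for c in $required; do
    case "$present" in
      *" $c "*) ;;
      *) missing="$missing $c" ;;
    esac
  done
  if [ -n "$missing" ]; then
    echo "missing delegated controllers:$missing"
    return 1
  fi
  echo "all required controllers delegated:$(echo "$present" | sed 's/  */ /g')"
  return 0
}

# Print the systemd drop-in that delegates the controllers to user sessions.
# Writing it under /etc/systemd/system requires root and is left to the
# administrator; the Delegate= setting itself is documented by systemd.
print_delegate_dropin() {
  cat <<'EOF'
# /etc/systemd/system/user@.service.d/delegate.conf
[Service]
Delegate=cpu cpuset io memory pids
EOF
}

# Usage against the live session (uncomment to run):
# check_delegated_controllers "$(user_cgroup_controllers_path)" || print_delegate_dropin
```

After adding the drop-in, `systemctl daemon-reload` and a new login session are needed before the check reports the controllers as delegated; `return 2` distinguishes "delegation not visible at all" from "delegation present but incomplete", which is the case that produces confusing runtime errors later.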

Do you mean systemd-portabled [...]

Indeed! I may try to see if I can put something together, like an "alternate install" script that would allow you to run Usernetes in a portable manner without installing it to Home using systemd-portabled. Is that something that you all would be interested in including as an option if I included it in a PR?

Not sure if this is achievable, given that portabled seems to require privileges; and, when using --machine=$USER@.host, the image is not addressable using paths (which is mildly confusing). Additionally, an image (or directory structure) is required, which requires elevated privileges in order to achieve (specifically when producing with mkosi). It would be ideal if it were possible to isolate a particular instance of usernetes, allowing for multiple instances, but I'm not sure if systemd-portabled is the right path for this.

A more achievable path might be to be able to specify a custom prefix for the services; that, however, might require a more intrusive change to usernetes where a prefix would need to be specified and known throughout any time that the services are interfaced with.

Given that there isn't any portablectl --user, I'm not sure how feasible this actually is.

Any thoughts or opinions? I'm a little out of my realm of expertise, but I'm trying to learn as much as I can in order to be of use in this area; especially if there's any interest at all in this. The issues I'm running into could very well be due to my ignorance, which I accept. I opened up an RFE on systemd/systemd to explore the implementation of a portablectl --user, but I'm unsure of the level of feasibility or willingness.

Usernetes "Generation 2" now depends on Rootless Docker, so let me close this.