I’ve been hearing about rootless studios in various issues and conversations, but I can’t seem to find any documentation about it. Can someone point to me where I can find it? or can someone explain to me what this feature is and why we have it?
Well there are no docs on it because (in theory) it should behave exactly like the chroot studio. The TL;DR is that it’s an unpriveleged docker container that runs a studio. Previously, we needed the
--privileged flag when starting up a docker studio because we needed to chroot inside of it. Now with the “rootless” studio, you no-longer need root privileges to launch studios.
The benefit of this further down the line will be builds that can happen in ephemeral environments without compromising your hosts. Ex: k8s jobs that can run hab builds.