Rootless support

[dsseng]

I see #52 is open for networking in rootless mode. However, it's not yet clear in docs how to run anything at all in rootless mode. I believe the bare minimum would be systemd-run --user --property=Delegate=true ./target/debug/auraed ..., but that doesn't really help (cell 'my-cell' could not be allocated: Operation not permitted (os error 1)). The origin of error is unclear, but likely to be in cgroup creation.

OS: Fedora 37, SELinux: enforcing, running systemd with cgroupv2.

AuraeScript code ran:

import * as runtime from "./auraescript/gen/runtime.ts"

let cells = new runtime.CellServiceClient();

let allocated = await cells.allocate(<runtime.AllocateCellRequest>{
    cell: runtime.Cell.fromPartial({
        name: "my-cell",
        cpus: "2"
    })
});

let started = await cells.start(<runtime.StartExecutableRequest>{
    executable: runtime.Executable.fromPartial({
        cellName: "my-cell",
        command: "sleep 4000",
        description: "Sleep for 4000 seconds",
        name: "sleep-4000"
    })
})

Sorry if something is very wrong on my side: I've only started working with Aurae, but very excited to start working with it, maybe contributing some code.

[krisnova]

This is great! Thanks for bringing this up. We still have a lot of work to do with rootless mode. Currently allocating cells require privileged mode with Aurae however we are working towards Aurae being the daemon and the clients being able to schedule network devices without privilege.

For example if you run

sudo -E auraed

you will be able to execute AuraeScript against the daemon and it should work.

In the future we will allow that same AuraeScript (or any client) to be able to schedule networks and interfaces without root privileges. Hope this helps.

[dsseng]

I'll be happy to work on this, thanks for explaining

[dsseng]

Now it says cell 'my-cell' could not be allocated: File not found: /proc/0. Also, if I Ctrl-C the auraed process, it leaves cgroups behind requiring me to rmdir them manually.