Sienna Meridian Satterwhite
27ce28e2ea
Replaced nerdctl CLI shell-out with direct gRPC communication via wfe-containerd-protos (tonic 0.14). Connects to containerd daemon over Unix socket. Implementation: - connect() with tonic Unix socket connector - ensure_image() via ImagesClient (full pull is TODO) - build_oci_spec() constructing OCI runtime spec with process args, env, user, cwd, mounts, and linux namespaces - Container lifecycle: create → snapshot → task create → start → wait → read FIFOs → cleanup - containerd-namespace header injection on every request FIFO-based stdout/stderr capture using named pipes. 40 tests, 88% line coverage (cargo-llvm-cov).