Here on the Nomad team we are pleased to announce the inaugural General Availability (GA) release of our exec2 task driver! The initial version is v0.1.0. Along with Nomad v1.9, this new task driver is able to make use of modern Linux features such as the Landlock LSM to provide fast and efficient file system and resource sandboxing. The exec2 task driver enables running tasks with convenient yet restricted access to the host file system.
config {
  command = "python3"
  args    = ["-m", "http.server", "--directory", "/srv/www"]
  unveil  = ["rw:/srv/www", "r:/etc/mime.types"]
}
By using Landlock for file system isolation, the driver avoids the need to create a costly chroot for each task being launched. The startup times for exec2 tasks are typically a small fraction of those of an equivalent task launched by the original exec driver. The exec2 task driver also leverages Linux namespaces to enable bridge networking, as well as Linux cgroups to provide CPU and memory resource isolation.
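Because each unveil entry widens what a task can reach on the host, it is worth reviewing the list before a job is submitted. The following is an added example, not part of the exec2 driver or the original announcement: a small Python check over "mode:path" entries like those in the config above. The mode letters (r, w, c, x), the SENSITIVE list and the function names are assumptions made for illustration.

```python
import posixpath

# Assumption: mode letters are r (read), w (write), c (create), x (execute).
VALID_MODES = set("rwcx")
# Constructed list of host paths a task should not be able to modify.
SENSITIVE = ("/etc", "/root", "/usr")


def parse_unveil(entry):
    """Split a 'mode:path' entry into (set_of_modes, normalized_path)."""
    mode, sep, path = entry.partition(":")
    if not sep or not mode or not path.startswith("/"):
        raise ValueError(f"malformed unveil entry: {entry!r}")
    unknown = set(mode) - VALID_MODES
    if unknown:
        raise ValueError(f"unknown mode {sorted(unknown)} in {entry!r}")
    return set(mode), posixpath.normpath(path)


def _covers(rule_path, target):
    """True if a rule on rule_path also applies to target (same path or below it)."""
    return rule_path == "/" or target == rule_path or target.startswith(rule_path + "/")


def audit_unveil(entries):
    """Return (entry, finding) pairs for rules broader than least privilege."""
    findings = []
    for entry in entries:
        modes, path = parse_unveil(entry)
        writable = bool(modes & {"w", "c"})
        if path == "/":
            findings.append((entry, "grants access to the entire file system"))
        if writable and "x" in modes:
            findings.append((entry, "path is both writable and executable"))
        if writable:
            for s in SENSITIVE:
                # Flag rules at, above, or below a sensitive directory.
                if _covers(path, s) or _covers(s, path):
                    findings.append((entry, f"write access overlaps {s}"))
    return findings


# Constructed sample: the first two entries are the ones from the config above.
SAMPLE = ["rw:/srv/www", "r:/etc/mime.types", "rwx:/tmp", "rw:/etc"]

if __name__ == "__main__":
    for entry, finding in audit_unveil(SAMPLE):
        print(f"{entry}: {finding}")
```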
Please report any issues found to GitHub.
As usual, a shout-out to the community for bug reports and PRs.
Thank you,
The Nomad Team
Links:
v0.1.0 Changelog - GitHub
v0.1.0 Binaries - HashiCorp Releases