image | command | regular runc (root) [(config)](https://gist.github.com/AkihiroSuda/439b8ff32fe4d2dea7d00499f583eeb2) | runrootless | runrootless+seccomp -- | -- | -- | -- | -- docker gentoo/stage3-amd64 | `emerge --sync` | 52s | 1m43s | 2m54s ditto | `emerge zsh` (after `emerge --sync`) | 2m1s | 9m3s | (crashed quickly) alpine | `apk add gcc` | 1.4s | 2.2s | 2.0s ditto | `apk add openjdk8` | 3.1s | 4.4s | 3.14s ditto | `git clone https://github.com/torvalds/linux.git` | 6m38s | 10m43s | (crashed quickly) - PRoot overhead seems significant for `emerge`, especially during compiling packages - For `apk add`, overhead is negligible - Suggestion: -- Enable PRoot only during `apk`/`apt`/`yum` operation -- Disable PRoot for compilation
emerge --syncemerge zsh(afteremerge --sync)apk add gccapk add openjdk8git clone https://github.com/torvalds/linux.gitemerge, especially during compiling packagesapk add, overhead is negligible-- Enable PRoot only during
apk/apt/yumoperation-- Disable PRoot for compilation