added isolation feature for running containers

examples/buildah.rs

@@ -19,7 +19,8 @@ pub fn run_buildah_example() -> Result<(), BuildahError> {
     
     // Step 2: Run a command in the container
     println!("\n=== Installing nginx in container ===");
-    let install_result = buildah::run(container_id, "dnf install -y nginx").unwrap();
+    // Use chroot isolation to avoid BPF issues
+    let install_result = buildah::run_with_isolation(container_id, "dnf install -y nginx", "chroot").unwrap();
     println!("{:#?}", install_result);
     println!("Installation output: {}", install_result.stdout);
     

src/virt/buildah/containers.rs

@@ -8,10 +8,26 @@ pub fn from(image: &str) -> Result<CommandResult, BuildahError> {
 }
 
 /// Run a command in a container
+///
+/// # Arguments
+///
+/// * `container` - The container ID or name
+/// * `command` - The command to run
 pub fn run(container: &str, command: &str) -> Result<CommandResult, BuildahError> {
     execute_buildah_command(&["run", container, "sh", "-c", command])
 }
 
+/// Run a command in a container with specified isolation
+///
+/// # Arguments
+///
+/// * `container` - The container ID or name
+/// * `command` - The command to run
+/// * `isolation` - Isolation method (e.g., "chroot", "rootless", "oci")
+pub fn run_with_isolation(container: &str, command: &str, isolation: &str) -> Result<CommandResult, BuildahError> {
+    execute_buildah_command(&["run", "--isolation", isolation, container, "sh", "-c", command])
+}
+
 /// Copy files into a container
 pub fn copy(container: &str, source: &str, dest: &str) -> Result<CommandResult, BuildahError> {
     execute_buildah_command(&["copy", container, source, dest])

src/virt/buildah/containers_test.rs

@@ -64,8 +64,11 @@ mod tests {
         test_execute_buildah_command(&["from", image])
     }
 
-    fn test_run(container: &str, command: &str) -> Result<CommandResult, BuildahError> {
+    fn test_run(container: &str, command: &str, isolation: Option<&str>) -> Result<CommandResult, BuildahError> {
-        test_execute_buildah_command(&["run", container, "sh", "-c", command])
+        match isolation {
+            Some(iso) => test_execute_buildah_command(&["run", "--isolation", iso, container, "sh", "-c", command]),
+            None => test_execute_buildah_command(&["run", container, "sh", "-c", command])
+        }
     }
 
     fn test_copy(container: &str, source: &str, dest: &str) -> Result<CommandResult, BuildahError> {
@@ -107,11 +110,18 @@ mod tests {
         
         let container = "my-container";
         let command = "echo hello";
-        let result = test_run(container, command);
         
+        // Test without isolation
+        let result = test_run(container, command, None);
         assert!(result.is_ok());
         let cmd = get_last_command();
         assert_eq!(cmd, vec!["run", "my-container", "sh", "-c", "echo hello"]);
+        
+        // Test with isolation
+        let result = test_run(container, command, Some("chroot"));
+        assert!(result.is_ok());
+        let cmd = get_last_command();
+        assert_eq!(cmd, vec!["run", "--isolation", "chroot", "my-container", "sh", "-c", "echo hello"]);
     }
 
     #[test]