Epic
Resolution: Done
Normal
support proc Mount with user NS
Product / Portfolio Work
0% To Do, 0% In Progress, 100% Done
S
Program Call
Background
Currently docker and most other container runtimes mask certain paths in `/proc` and mount others read-only. This prevents host data that should stay hidden from being exposed inside the container. There are, however, use-cases where this protection has to be turned off.
Motivation
End-users who want to run unprivileged containers using user namespaces nested inside CRI containers need a `ProcMount` option: a way to explicitly turn off the masking and read-only mounting of those paths, so that `/proc` can be mounted in the nested container as an unprivileged user. The kernel refuses a fresh procfs mount from an unprivileged user namespace while the existing `/proc` has paths hidden beneath it (the `mount_too_revealing()` check in fs/namespace.c), so the masking must be disabled for the outer container rather than worked around inside it.
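Before attempting the nested `/proc` mount it is worth confirming, from inside the pod, whether the runtime actually left `/proc` unmasked. The following script is an added example, not code from this epic, CRI-O or Kubernetes. It parses `/proc/self/mountinfo` (the format documented in proc(5)) and lists the paths under `/proc` that a runtime has masked, by mounting tmpfs or `/dev/null` over them, or remounted read-only. The two embedded samples are constructed: one mirrors the default masked/read-only set from the OCI runtime-spec example config, the other a plain procfs as produced by `procMount: Unmasked`. The function names are the example's own.

```python
#!/usr/bin/env python3
"""Report masked and read-only paths under /proc inside a container.

Added example (not project code). Parses /proc/self/mountinfo and
classifies every mount at or below /proc so you can check whether
procMount: Unmasked took effect before trying a nested procfs mount.
"""
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample: what a default (masked) runc container looks like.
# Layout: id parent maj:min root mountpoint opts [optional...] - fstype source superopts
MASKED_SAMPLE = """\
100 90 0:50 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
101 100 0:50 /bus /proc/bus ro,nosuid,nodev,noexec,relatime - proc proc rw
102 100 0:50 /fs /proc/fs ro,nosuid,nodev,noexec,relatime - proc proc rw
103 100 0:50 /irq /proc/irq ro,nosuid,nodev,noexec,relatime - proc proc rw
104 100 0:50 /sys /proc/sys ro,nosuid,nodev,noexec,relatime - proc proc rw
105 100 0:50 /sysrq-trigger /proc/sysrq-trigger ro,nosuid,nodev,noexec,relatime - proc proc rw
106 100 0:60 / /proc/acpi ro,relatime - tmpfs tmpfs ro
107 100 0:61 /null /proc/kcore rw,nosuid - tmpfs tmpfs rw,size=65536k,mode=755
108 100 0:61 /null /proc/keys rw,nosuid - tmpfs tmpfs rw,size=65536k,mode=755
109 100 0:62 / /proc/scsi ro,relatime - tmpfs tmpfs ro
"""

# Constructed sample: procMount: Unmasked, a bare procfs with nothing on top.
UNMASKED_SAMPLE = """\
100 90 0:50 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
"""

# Filesystems that legitimately sit below /proc without hiding anything.
NOT_A_MASK = {"proc", "binfmt_misc"}


@dataclass
class ProcMount:
    mountpoint: str
    fstype: str
    readonly: bool


def parse_mountinfo(text: str) -> List[ProcMount]:
    """Return the mounts at or below /proc.

    The optional-fields block has variable length, so split on the
    ' - ' separator that proc(5) guarantees precedes the fstype.
    Paths with spaces are \\040-escaped in mountinfo; that is left as-is.
    """
    mounts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pre, sep, post = line.partition(" - ")
        if not sep:
            raise ValueError(f"malformed mountinfo line: {line!r}")
        pre_fields = pre.split()
        mountpoint = pre_fields[4]           # field 5: mount point
        opts = pre_fields[5].split(",")      # field 6: per-mount options
        fstype = post.split()[0]             # first field after the separator
        if mountpoint == "/proc" or mountpoint.startswith("/proc/"):
            mounts.append(ProcMount(mountpoint, fstype, "ro" in opts))
    return mounts


def classify(mounts: List[ProcMount]) -> Tuple[List[str], List[str]]:
    """Split /proc submounts into masked paths and read-only procfs paths."""
    masked = sorted(m.mountpoint for m in mounts
                    if m.mountpoint != "/proc" and m.fstype not in NOT_A_MASK)
    readonly = sorted(m.mountpoint for m in mounts
                      if m.fstype == "proc" and m.readonly)
    return masked, readonly


def proc_is_unmasked(text: str) -> bool:
    """True only when a procfs is mounted at /proc with no masks or ro remounts."""
    mounts = parse_mountinfo(text)
    if not any(m.mountpoint == "/proc" and m.fstype == "proc" for m in mounts):
        return False  # no procfs at all: a nested mount will not work either
    masked, readonly = classify(mounts)
    return not masked and not readonly


if __name__ == "__main__":
    with open("/proc/self/mountinfo") as f:
        live = f.read()
    masked_paths, ro_paths = classify(parse_mountinfo(live))
    print("masked:   ", masked_paths)
    print("read-only:", ro_paths)
    print("unmasked: ", proc_is_unmasked(live))
```

Run it in the pod after setting `securityContext.procMount: Unmasked` (which Kubernetes only honours for pods with `hostUsers: false`). An empty masked list and an empty read-only list mean the outer runtime is no longer hiding anything, which is the precondition for the nested user namespace to mount its own `/proc`.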
- depends on: RFE-3254 Support User Namespaces (Approved)
- is blocked by: OCPSTRAT-207 TP in 4.17: Support User Namespaces in pods (Closed)
- is depended on by: CRW-8320 Enable Support for Nested Containers (Coding In Progress)
- relates to: RFE-4517 Add Support for Nested Containers in DevSpaces (Closed)
- links to: