Details

    • Feature
    • Resolution: Unresolved
    • Core

    Description

      Background

      Currently, Docker and most other container runtimes mask certain paths in
      `/proc` and set certain paths read-only. This prevents data that should not
      be visible inside a container from being exposed to it. However, there are
      certain use cases where it is necessary to turn this off.

      Motivation

      For end users who would like to run unprivileged containers using user namespaces
      nested inside CRI containers, we need a `ProcMount` option. That is,
      we need an option to explicitly turn off the masking and read-only setting
      of paths so that we can
      mount `/proc` in the nested container as an unprivileged user.
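
To check which of these protections are in effect for a given container, the mount table can be audited. The following is an added example, not code from this issue or from any container runtime: it parses `/proc/self/mountinfo` text and reports which expected paths lack a mask or a read-only remount. The path lists, the masking heuristic (files covered by a `/dev/null` bind, directories by a read-only tmpfs), the function names and the sample data are assumptions made for illustration.

```python
# Added example. Path lists are assumed runtime defaults; compare with your runtime's own.
MASKED = ["/proc/acpi", "/proc/kcore", "/proc/keys", "/proc/timer_list", "/proc/scsi"]
READONLY = ["/proc/bus", "/proc/fs", "/proc/irq", "/proc/sys", "/proc/sysrq-trigger"]

def parse_mountinfo(text):
    """Map mount point -> (root, options, fstype); a later mount shadows an earlier one."""
    mounts = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) < 10 or "-" not in f[6:]:
            continue  # not a well-formed mountinfo record
        sep = f.index("-", 6)  # optional fields end at the "-" separator
        mounts[f[4]] = (f[3], f[5].split(","), f[sep + 1])
    return mounts

def audit_proc(text):
    """Classify each expected path as masked/exposed or read-only/writable."""
    mounts, report = parse_mountinfo(text), {}
    for path in MASKED:
        root, opts, fstype = mounts.get(path, ("", [], ""))
        # Assumed masking style: files get /dev/null bound over them,
        # directories get an empty read-only tmpfs.
        hidden = root == "/null" or (fstype == "tmpfs" and "ro" in opts)
        report[path] = "masked" if hidden else "exposed"
    for path in READONLY:
        _, opts, _ = mounts.get(path, ("", [], ""))
        report[path] = "read-only" if "ro" in opts else "writable"
    return report

def unprotected(text):
    """Paths with no mask or read-only remount. A path the kernel does not
    provide is never overmounted, so confirm hits against the node itself."""
    return sorted(p for p, s in audit_proc(text).items() if s in ("exposed", "writable"))

# Constructed samples (not captured from a real system).
_OPTS = "nosuid,nodev,noexec,relatime"
DEFAULT_SAMPLE = "\n".join(
    [f"600 599 0:59 / /proc rw,{_OPTS} - proc proc rw"]
    + [f"61{i} 600 0:59 /{p[6:]} {p} ro,{_OPTS} - proc proc rw" for i, p in enumerate(READONLY)]
    + ["620 600 0:60 / /proc/acpi ro,relatime - tmpfs tmpfs ro",
       "621 600 0:60 / /proc/scsi ro,relatime - tmpfs tmpfs ro"]
    + [f"63{i} 600 0:5 /null {p} rw,nosuid - devtmpfs devtmpfs rw,mode=755"
       for i, p in enumerate(["/proc/kcore", "/proc/keys", "/proc/timer_list"])]
)
UNMASKED_SAMPLE = f"600 599 0:59 / /proc rw,{_OPTS} - proc proc rw"

if __name__ == "__main__":
    for name, sample in (("default", DEFAULT_SAMPLE), ("unmasked", UNMASKED_SAMPLE)):
        print(name, unprotected(sample) or "all expected paths protected")
```

Inside a container, pass the contents of `/proc/self/mountinfo` to `unprotected()`; an empty result means every path in the two lists is covered.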

            People

              Gaurav Singh (gausingh@redhat.com)
              Matthew Werner
              Derrick Ornelas