Details
- Type: Feature
- Resolution: Unresolved
Description
Background
Currently, Docker and most other container runtimes mask certain paths in `/proc` and mount others read-only. This prevents host data that should not be visible inside a container from being exposed. However, there are certain use cases where it is necessary to turn this off.
Motivation
For end users who would like to run unprivileged containers using user namespaces nested inside CRI containers, we need a `ProcMount` option. That is, we need a way to explicitly turn off the masking and read-only mounting of those `/proc` paths so that we can mount `/proc` in the nested container as an unprivileged user.
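The pod-level shape of the option described above, as an added example that is not part of this issue and not code from the project: upstream Kubernetes already exposes the switch as `securityContext.procMount` (behind the `ProcMountType` feature gate) and user namespaces as `spec.hostUsers`. The image, pod and container names are placeholders.

```yaml
# Added example: a pod that runs in its own user namespace and asks the kubelet
# for an unmasked /proc, so a nested, unprivileged runtime inside it can mount
# its own /proc. Field names are upstream Kubernetes; names/images are placeholders.
apiVersion: v1
kind: Pod
metadata:
  name: nested-runtime-example
spec:
  # Pod gets a user namespace: uid 0 inside maps to an unprivileged host uid,
  # so the capabilities the nested runtime needs are scoped to that namespace.
  hostUsers: false
  containers:
  - name: outer
    image: registry.example.com/nested-runtime:placeholder   # placeholder image
    securityContext:
      # "Default" (the implicit value) keeps the runtime's masked and read-only
      # /proc paths; "Unmasked" removes them, which is what nested /proc needs.
      procMount: Unmasked
```

Two points a reviewer of such a manifest should check: `Unmasked` is the setting that gives up the protection this issue's background describes, so it belongs only with `hostUsers: false` (recent Kubernetes releases tie the two together for exactly that reason), and the Pod Security Standards `baseline` and `restricted` profiles reject any `procMount` other than `Default`, so pods like this must run in a namespace that is not enforcing those profiles. The kubelet must have the `ProcMountType` feature gate enabled and the CRI runtime must honour the field for it to have any effect.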
Issue Links
- is blocked by: OCPSTRAT-207 Support User Namespaces in pods (In Progress)
- relates to: RFE-4517 Add Support for Nested Containers in DevSpaces (Accepted)