• BU Product Work
    • False
    • Hide

      None

      Show
      None
    • False
    • 50% To Do, 0% In Progress, 50% Done
    • 0
    • Program Call

      Background

      Currently the way docker and most other container runtimes work is by masking|
      and setting as read-only certain paths in `/proc`. This is to prevent data|
      from being exposed into a container that should not be. However, there are|
      certain use-cases where it is necessary to turn this off.

      Motivation

      For end-users who would like to run unprivileged containers using user namespaces
      nested inside CRI containers, we need an option to have a `ProcMount`. That is,
      we need an option to designate explicitly turn off masking and setting
      read-only of paths so that we can
      mount `/proc` in the nested container as an unprivileged user.

              gausingh@redhat.com Gaurav Singh
              gausingh@redhat.com Gaurav Singh
              Matthew Werner Matthew Werner
              Derrick Ornelas Derrick Ornelas
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated: