Loading...

XML

Word

Printable

Type: Feature
Resolution: Unresolved
Priority: Undefined
Fix Version/s: None
Affects Version/s: None
Component/s: Core
Labels:

Work Type:
BU Product Work
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Hierarchy Progress Bar:

50% To Do, 0% In Progress, 50% Done

Risk Score:
0

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

PX Impact Score:

Intelligence Requested:
Market:

Background

Currently the way docker and most other container runtimes work is by masking|
and setting as read-only certain paths in `/proc`. This is to prevent data|
from being exposed into a container that should not be. However, there are|
certain use-cases where it is necessary to turn this off.

Motivation

For end-users who would like to run unprivileged containers using user namespaces
nested inside CRI containers, we need an option to have a `ProcMount`. That is,
we need an option to designate explicitly turn off masking and setting
read-only of paths so that we can
mount `/proc` in the nested container as an unprivileged user.

is blocked by

OCPSTRAT-207 TP in 4.17 : Support User Namespaces in pods

Closed

relates to

RFE-4517 Add Support for Nested Containers in DevSpaces

Accepted

Assignee:: Gaurav Singh

Reporter:: Gaurav Singh

Doc Contact:: Matthew Werner

Product Operations Engineering Contact:: Derrick Ornelas

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Created:: 2023/10/05 4:40 PM

Updated:: 2024/10/16 10:49 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates