Paul Holzinger
Paul Holzinger
Looking at the code I noticed we do set the arp_notify sysctl to 1 for the veth inside the container which per kernel docs should send out a Generate gratuitous...
@giuseppe WDYT?
I think the fact that `:ro` does not apply to child mounts violates POLA and given if one sets `ro` they likely want the security that this means a container...
We don't have a daemon to store a cache and even if we only do it once on first start and write it to the rundir we then would have...
Duplicate of https://github.com/containers/podman/issues/22459? Overall I still think this should be something that is done by the oci runtime not podman directly. Of course podman then still has to expose this,...
Maybe expose this via `crun update` as new option there and hopefully get runc to support that too. Though it raises the question if we can add mounts should we...
Given it is an overlay mounts and rw is safe (and already supported) allowing users to pass other mounts options should be fine. That said I don't think your patch...
Are you trying to port buildah on windows? It would be news to me that buildah can be used on windows. cc @nalind
The change itself should be fine BUT I think it would likely best to start with some high level overview of what you are going to change and how buildah...
Yeah it doesn't look very nice, to be honest I still don't understand why this is shown at all in docker... Adding a new cli options seems awkward (would you...