Ben Cressey

Results 167 comments of Ben Cressey

> Would you want to upstream this as part of the core ruleset? The comments in the rules don't call this out directly, but a goal is to exclude CSI...

> Given that you are excluding sd* disks now to exclude EBS volumes, how can I introduce my change without inadvertently tagging EBS volumes as "ephemeral" also? EBS volumes would...

There are a couple of things that could be going on here. If the SDK changes, but the version doesn't change, then that doesn't trigger a full rebuild. This is partly...

> I'd love to find a way to remove the special-casing around core-kit here, though. I wonder if "the right way" is to provide some generic preprocessor which removes the...

kexec relies on kernel drivers to implement a PCI device shutdown hook correctly in order to work reliably. As one example, in-flight DMA requests need to complete before the kexec,...

Nice work tracking this down!

> with this new kernel once the container exits, the binfmt entries are unmounted and thus the arm64 commands I'm trying to run aren't...

> I'll also try patching [host-ctr](https://github.com/bottlerocket-os/bottlerocket-core-kit/blob/6af3893bd4b911df4f9b51022a2e218d16c461fe/sources/host-ctr/cmd/host-ctr/main.go#L859) to pass in the host's /proc/sys/fs/binfmt_misc so that bootstrap containers can populate that. This doesn't work, since it runs afoul of the [checkProcMount](https://github.com/opencontainers/runc/blob/57798c6776302d4b8f4f6b9dbbf1e1ea082d7444/libcontainer/rootfs_linux.go#L772) safety...

@gbucknel that's correct - containers are the only way to run custom code on Bottlerocket. While poking at this, I noticed that the `binfmt_misc` filesystem isn't mounted on the host...

@gbucknel I was able to get the following bootstrap container working. The two challenges involved were that the host didn't have its own `binfmt_misc` mount already, and the SELinux labels...

Happy to help! If it's easier to integrate, I expect it'd be possible to make this work in a k8s pod also, with a spec like this: ``` apiVersion: v1...