
docs: What happens if a user decides to run stalld in the QM partition? (Not in the main partition)

Open dougsland opened this issue 1 year ago • 0 comments

Let's write a document explaining what happens (with an example of what really happens when trying to run it) and why we do not allow it.

Some context for the document:

sched_setattr() is the syscall that the stalld service uses behind the scenes. The QM container/partition won't allow it to be used via namespaces (seccomp), so if a program tries to use it (calling the system call), it won't work; it will be blocked. However, if the sysadmin decides to run stalld in the main partition (let's assume on the host machine, not in the QM partition, which is a running container inside the host), it will work and can even read the files under the QM partition (/usr/lib/qm/rootfs).

You might ask, why did we do that? We followed the Risk Assessment team's requests.
See-Also:
seccomp: The use of SCHED_DEADLINE inside QM is not supported
https://github.com/containers/qm/issues/375

dougsland avatar May 06 '24 15:05 dougsland
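The issue above describes the behaviour in words; the following probe is an added example (written for this page, not code from the QM project or from stalld) that makes the sched_setattr() call stalld relies on and reports how the kernel or the seccomp filter answered. It assumes the classic 48-byte layout of the kernel's struct sched_attr (copied from the Linux UAPI, under a different name so it does not collide with the wrapper newer glibc versions export), and it assumes the runtime/deadline/period values chosen here are acceptable to the kernel. The issue says the call is blocked inside QM by seccomp but does not say which errno the filter returns, so the classification of EPERM and ENOSYS as "blocked" is an assumption; on the host, run as root, the call is expected to be accepted.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <sched.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef SCHED_DEADLINE
#define SCHED_DEADLINE 6 /* Linux UAPI value, for libc headers that do not export it */
#endif

/* Userspace copy of the kernel's struct sched_attr (SCHED_ATTR_SIZE_VER0, 48 bytes).
 * Assumption: this is the layout sched_setattr(2) documents; renamed so it does
 * not clash with the struct sched_attr that newer glibc exposes in <sched.h>. */
struct deadline_attr {
    uint32_t size;
    uint32_t sched_policy;
    uint64_t sched_flags;
    int32_t  sched_nice;
    uint32_t sched_priority;
    uint64_t sched_runtime;
    uint64_t sched_deadline;
    uint64_t sched_period;
};

/* Coarse outcome so a caller can branch without re-parsing errno. */
enum deadline_probe {
    PROBE_OK = 0, /* kernel accepted the SCHED_DEADLINE request */
    PROBE_EPERM,  /* EPERM: a seccomp errno action, or no CAP_SYS_NICE (assumption) */
    PROBE_ENOSYS, /* ENOSYS: syscall filtered out, or no sched_setattr() at all */
    PROBE_OTHER   /* anything else, e.g. EINVAL for inconsistent parameters */
};

static enum deadline_probe classify_errno(int err)
{
    switch (err) {
    case 0:      return PROBE_OK;
    case EPERM:  return PROBE_EPERM;
    case ENOSYS: return PROBE_ENOSYS;
    default:     return PROBE_OTHER;
    }
}

/* Raw syscall: pid 0 means the calling thread, flags must be 0. */
static long raw_sched_setattr(const struct deadline_attr *attr)
{
    return syscall(SYS_sched_setattr, 0, attr, 0);
}

/* Ask for SCHED_DEADLINE on the calling thread. On success, drop straight back
 * to SCHED_OTHER so the probe leaves the process as it found it. */
enum deadline_probe request_deadline(uint64_t runtime_ns, uint64_t deadline_ns,
                                     uint64_t period_ns, int *saved_errno)
{
    struct deadline_attr attr;
    memset(&attr, 0, sizeof attr);
    attr.size = sizeof attr;
    attr.sched_policy = SCHED_DEADLINE;
    attr.sched_runtime = runtime_ns;
    attr.sched_deadline = deadline_ns;
    attr.sched_period = period_ns;

    errno = 0;
    if (raw_sched_setattr(&attr) != 0) {
        *saved_errno = errno;
        return classify_errno(errno);
    }

    memset(&attr, 0, sizeof attr);
    attr.size = sizeof attr;
    attr.sched_policy = SCHED_OTHER;
    (void)raw_sched_setattr(&attr); /* best effort: we just proved we are privileged */
    *saved_errno = 0;
    return PROBE_OK;
}

int main(void)
{
    static const char *names[] = {
        "accepted", "EPERM (seccomp errno action or missing CAP_SYS_NICE)",
        "ENOSYS (filtered or unsupported)", "other error"
    };
    int err = 0;
    /* 10 ms of runtime every 100 ms; deadline == period (assumed valid values). */
    enum deadline_probe r = request_deadline(10000000ULL, 100000000ULL, 100000000ULL, &err);
    printf("sched_setattr(SCHED_DEADLINE): %s", names[r]);
    if (err)
        printf(" [errno %d: %s]", err, strerror(err));
    putchar('\n');
    return r == PROBE_OK ? 0 : 1;
}
```

Build it with `cc -O2 -o dl-probe dl-probe.c` and run it twice: once on the host as root, where the issue says the call works, and once inside the QM partition, where the seccomp policy is expected to refuse it. Which errno QM's profile hands back is not stated in the issue, so if you see something other than EPERM or ENOSYS, the "other error" branch prints the raw value for you to record in the document.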