Cory Snider
"Bad address" is the strerror of `EFAULT`. [execve(2)](https://man7.org/linux/man-pages/man2/execve.2.html#:~:text=EFAULT%20pathname%20or%20one%20of%20the%20pointers%20in%20the%20vectors%20argv%20or%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20envp%20points%20outside%20your%20accessible%20address%20space.) says:
> EFAULT
> `pathname` or one of the pointers in the vectors `argv` or `envp` points outside your accessible address space.
cc: @akerouanton
This is an MVP to keep the review focus on the iptables rules themselves without getting sidetracked by runtime-switching concerns.
No, this PR was not merged. I'm not sure why you would want to backport the fixes to 20.10.16 rather than just upgrading to 20.10.24+ which have the vulnerabilities fixed....
[Red Hat decided to deprecate the `xt_u32` kernel module](https://bugzilla.redhat.com/show_bug.cgi?id=2061288) in RHEL 8 and remove it in RHEL 9 as a way to nudge users towards migrating to native `nftables`. This is...
Rewriting history and force-pushing is fine, especially when fine-tuning a small PR. The previous commit history is not really accessible, though it is rarely an issue in my experience.
> TBH, it feels wrong to actually work around this on our side, and I think attestation manifest should use a different media type. It's unfortunate that the attestation manifest...
Would this be an API-breaking change? If I'm understanding correctly, inspecting a container created with the network mode "default" would be changed to return a `HostConfig.NetworkMode` of "bridge" or "nat"...
Good news! `go vet` [will be able to perform the module compatibility check itself starting in Go 1.23.](https://tip.golang.org/doc/go1.23#:~:text=workspace%20in%20use.-,Vet,in%20a%20module%20whose%20go.mod%20file%20specifies%20go%201.21.,-Cgo)
> CreateEndpoint still needs to know whether to set up IPv6 addresses, so I've added CreateEndpointForSandbox that takes the Sandbox as a param. Please, please, **please** just make it the...