Cory Snider

Here is what I had proposed in the GHSA discussion linked above: > The trouble I see with pushing the responsibility to duplicate `gid` into the `additionalGids` array solely onto...

@neersighted not squashing was intentional. (Omitting the `Co-authored-by` trailer was not...) Since it's such a big change, I want to make it easy for reviewers to compare and contrast our...

> I feel this is too complicated. Can we just add "the `gid` value SHOULD be prepended to the `additionalGids` array"? That would still leave the generator of the container...

@giuseppe all those programs call `initgroups` when setting up a login session, not `setgroups`.

Hi, Moby maintainer here. I recommend replacing [the iptables "network magic"](https://github.com/kubernetes-sigs/kind/blob/79ffb67882fb77f0c8286ea89af66293bed76e1e/images/base/files/usr/local/bin/entrypoint#L458-L470) with a proxy DNS service on each kind node; some process which listens on IPv6 and forwards queries to...

Tracing through the kernel sources, I can confidently claim that the timeout sockopts have _no_ effect when the `O_NONBLOCK` fcntl is enabled. That's a red herring. - [`O_NONBLOCK` on the...

Unlike Go programs, Rust programs don't (inherently) [have a runtime which sends SIGURG to the process](https://go.dev/doc/go1.14#runtime) baked in.

There is a Go build tag: `journald`. Our build scripting happens to enable it whenever libsystemd is available at build time. PRs are welcome!

Swarm is only tangentially involved: it informs libnetwork of the addresses of the remote peers for bootstrapping/joining the NetworkDB gossip cluster. NetworkDB and the memberlist gossip cluster are entirety within...

NetworkDB not converging in a reasonable amount of time is a bug. It does look like `bulkSync` is intended to be that resynching mechanism you suggest, though apparently it is...