Cory Snider

EINTR on netlink sockets is a new one. I suspect it has more to do with the netlink dependency bump you pulled in when rebasing than on the Go toolchain...

IIRC in the IPAM contract, the PoolID string is an opaque handle to an allocated IPAM pool. I don't think it is even exposed to the user anywhere in the...

> I excluded JSON marshalling specifically because `json.Marshal()` returns an error. I thought it'd be preferable to write an error-free code than ignoring a marshalling error. Don't ignore the error,...

> First, because I fail to see an example where that would be useful. I'm planning to add a new 'AllocID' field and we might consider making the allocator VNI-aware....

The only callers to `iptables.OnReloaded` are the bridge driver (to replay iptables rule insertions) and this gem (to replay iptables chain creation and rule insertion): https://github.com/moby/moby/blob/cff4f20c44a3a7c882ed73934dec6a77246c6323/libnetwork/firewall_linux.go#L15-L31 I'm going to experiment...

Authz plugins provide access control for the Engine API without reverse-proxying, i.e. "doing an HTTP protocol break", potentially making it safe to allow browser-based clients.

Discussed in the maintainer's call today. An admin could easily enable this flag before installing an authz plugin, and in doing so would leave a window of opportunity for unauthenticated...

I think we should hold off until #47248 is resolved as I suspect it is also a rootlesskit/v2 regression

In contrast to #47483, which had to do with authoring of images where the _source inputs_ were tarballs containing xattrs; this issue has to do with the importing of _already-authored_...

@scorpionknifes we do not want to change the SDK defaults for everyone. We just need a way to change the defaults _for our application_ where the OpenTelemetry-mandated _SDK_ defaults would...