Cesar Talledo

Results 300 comments of Cesar Talledo

Hi @ScottG489,

> Does this functionality directly make progress on this issue?

Not really as it uses a privileged container and runs Sysbox inside. This issue calls for deploying a...

> However, would you say the sysbox-in-docker approach is more of a security risk due to requiring --privileged (and other mounts) vs using docker.sock

I think both approaches (i.e., `--privileged`...

Hi @XiaotongZhao, thanks again for using Sysbox. I don't think it's working properly, as we would expect systemd to initialize. I suspect the problem is the way the CMD and...

Thanks @XiaotongZhao.

> as you see, the log information output successful, compare to log information before, it's just a little difference

Did systemd reach the login prompt? It seems it...

A couple of comments:

* Normally the way you expose host devices inside a Docker container is via `--device` flag, though I get why this is a problem in your...

> Some relevant output from within the sysbox container before switching to --device and chmod'ing the files listed above.

What was the command you used to create this container (e.g.,...

Thanks @grvvy. Could you paste this line in full (it seems cut-off):

```
├─/dev/bus/usb udev[/bus/usb] devtmpfs rw,nosuid,noexec,relatime,size=2938712k,
```

Given that the `rke2-ingress-nginx-controller` is not a Sysbox pod, I suspect the problem is due to some interaction between CRI-O and the `rke2-ingress-nginx-controller` pod, possibly triggered by the presence of...

Hi @mviereck, thanks for filing the issue. The `--ipc=shareable` should work, but I can see why it would fail right now: Sysbox always uses the user namespace (userns) in...

> Would it make sense if Sysbox would enable the same userns in this case ipc is shared?

Yes, that would be the fix.

> However, this is not important...