Aleksa Sarai
Aleksa Sarai
> All good comments, though I had more hoped the response would be "Let's patch/fix the openat crate". I've posted tailhook/openat#25 and we can see what the maintainer thinks.
Yeah that is one of the options. Ideally that will be the long-term solution (with `subset=pids,hidepid=4` we should be able to make creating a private `procfs` instance safe for unprivileged...
My current idea looks something like: ```c pathrs_config_set(PATHRS_ROOT, root, "resolver.type", "emulated"); pathrs_config_set(PATHRS_NONE, NULL, "error.backtraces", true); ``` But the main problem is that you'd have to assume the type of the...
I think the only thing remaining is the Executive Director stuff (#85) but I would like to know what @caniszczyk wants to be done on that front. And we should...
Charter Rework Explanatory Memorandum ## Charter Rework Explanatory Memorandum ## The purpose of [the proposed changes][pr-86] is two-fold: 1. To modernise the OCI Charter so that it more accurately describes...
I can split it up into multiple PRs, though it's not clear to me whether separate PRs would constitute separate changes and thus separate versions of the Charter? Given that...
Yup, I'll do it that way then. I'll send the separate PRs next week after Easter.
I think the only way we can reasonably do this at the moment is to try `MNT_EXPIRE` and if it fails with `-EPERM` we log a warning and continue. If...
It isn't implemented, though I'm not definitely not against the idea. Though, one problem is that we cannot (as easily) implement it for the kernel-mode driver because that actually does...
For the kernel side, I could try to add a `RESOLVE_PRIVILEGED_SYMLINKS` to a future version of the `openat2` patchset which implements those semantics. But I'd like to get `openat2` merged...