Aleksa Sarai
Aleksa Sarai
I think `org.opencontainers.runc.*` isn't the right namespace for us, since that is reserved for spec-related things. It's a little complicated because we are also an OCI project... I think we...
Anything is possible I guess, but I don't know how @giuseppe would feel about it. I do think the `oci.run` domain (and `run.oci.*` annotations) have lead to some confusion about...
Is podman setting "rw" explicitly here? If they are just doing "bind" with no additional options then the existing flags should be copied without touching any locked flags. (The change...
Yeah, I was trying to figure out how to reproduce this but couldn't figure it out. I was going to install NixOS to double-check but I didn't have time...
The script you posted works on openSUSE Tumbleweed. I'll test this in a VM... In your original comment you said you had an strace log of the failure -- can...
Sorry for not responding earlier. My initial thoughts are that `config.json` is a fairly straightforward thing to modify with `jq` and it's quite hard to get something like mount configurations...
Feel free to re-open if you'd like to discuss this further.
For privileged unpacking, this could be quite trivial because the uAPI for v2 and v3 caps is quite straightforward: ```c #define VFS_CAP_REVISION_MASK 0xFF000000 #define VFS_CAP_REVISION_SHIFT 24 #define VFS_CAP_FLAGS_MASK ~VFS_CAP_REVISION_MASK #define...
It should also be noted that file passthrough for stdio is something folks should avoid using if possible. It's only really useful if you are using runc directly from shell...
Ah okay, I was going off the discussion we had a few weeks ago, I didn't notice that we'd resolved the outstanding issues. I'm okay to merge this then.