Aleksa Sarai
Aleksa Sarai
@rata That is the third option I suggested, though maybe I could've phrased it better :sweat_smile: . You can do the same thing with `runc create` or with hooks.
@kolyshkin > One thing runc exec does and crun exec does not is parsing /etc/passwd and /etc/group. I do not understand why it's needed, since we pass uid:gid as numbers...
It should also be noted that distributions themselves have different licenses to their constituent software (quite a few distributions are GPL, I think this is the case for Fedora and...
Ah, it seems `openat` and `openat2` are also missing. I guess that means I can't do Miri tests for https://github.com/openSUSE/libpathrs since `openat` and `openat2` are used everywhere throughout it (since...
Funnily enough, [the library I was trying to verify with `miri`](https://github.com/openSUSE/libpathrs) is a crate for sandboxing path operations (of the kind mentioned in that issue). 😅 I'll keep an eye...
Also, it should be noted the runc version is 1.1.3, which is more than 2 years old. Can you try with the latest 1.1.13 (and 1.2.0-rc2 if possible)?
This is a bug in https://github.com/syndtr/gocapability. You would just need to switch to using `sync.Once`. EDIT: Ah, you already made a bug (syndtr/gocapability#26). **Please link related bugs so they're easier...
I mean to do `sync.Once` like this (which is what we usually do elsewhere in runc): ```go var ( someBoolOnce sync.Once someBool bool ) func getSomeBool() bool { someBoolOnce.Do(func() {...
We don't expose it in libpathrs, this is mainly a request as a user of `rustix`. However (as the author of `openat2`), there are quite a few extra features we...
Ah, so the issue is that if the secret is one byte then there is a 1-in-256 chance that we will accidentally get the same secret. I guess we could...