Aleksa Sarai
Aleksa Sarai
@crosbymichael > How is this even a concern of the spec? If ref name was important to the spec it wouldn't be in annotations. While that's all well and good,...
FWIW I also think adding hooks (where they make sense) might be a good decision, specifically because it allows us to avoid having to have even more wrappers-of-wrappers when people...
Yes, that's the issue I was referring to. Most of the discussion about hooks for GPU happened in-person at the time (this was at Linux Plumbers) so I can't really...
AFAIK the `libcontainer/devices` and `libcontainers/user` stuff that Docker et al uses is fairly minor -- `libcontainer/user` is kinda needed by higher-level runtimes so we'd need to export it no matter...
> (and I admit that despite staring at cgroups code for quite a long time I don't fully understand yet why CleanPath is ever needed) It was mostly an abundance...
I **really** don't like how complicated this fallback code is getting -- not to mention how complicated such a trivial fix has become. If `/run` is often mounted `noexec`, then...
`nsdelegate` is a bit of a weird design which doesn't really fit with the "container config" purpose of the runtime-spec. It only applies to `cgroupv2` and it applies to all...
> It seems like all we really use Freezer for (that's critical) is to terminate all processes within the container, no? This could just as easily be done by setting...
Same DCO issue again. ;)
It's implemented using the devices cgroup. In order to allow `/dev/fuse` in a container -- assuming you're using something like `runc` directly -- you need to add the relevant type,...