Aleksa Sarai
Aleksa Sarai
This is one of many pitfalls of shared mount propagation, and as such I would strongly suggest not using it unless it's really necessary. Unlike regular unmounts, the mount namespace...
It seems that the issue is that `openat2` is available after the update (`openat2` was added in Linux 5.6). However this code definitely works on both old and new kernels,...
Hi, it seems that you've opened an issue that is in relation to using `github.com/opencontainers/runc/libcontainer` directly from your own Go code. While we may do our best to help you...
What happens if you apply this patch? ```diff diff --git a/libcontainer/cgroups/fscommon/open.go b/libcontainer/cgroups/fscommon/open.go index e95876a21769..2ef1e15cfae8 100644 --- a/libcontainer/cgroups/fscommon/open.go +++ b/libcontainer/cgroups/fscommon/open.go @@ -1,6 +1,7 @@ package fscommon import ( + "fmt" "os"...
Hmm, so it seems that fd 30 is being swapped with a handle to `/` or something like that? You can try to add some similar readlink-based debugging code to...
> can this bug assign a cve? If you'd like to have a security advisory and CVE created for this issue you would need to show how an attacker could...
I think I would prefer #245 but I don't quite understand what purpose `uniqMcs` is serving and if there is a nicer solution somewhere, I'll try to take a closer...
Ah okay, so it seems like there's two issues here: 1. There is an arbitrary limit on the number of categories (`1024`). 2. In order to select a value for...
Yeah the RedHat docs I found when I looked at this the other day all imply that the 1024 limit is a real system wide limit. In that case I...
This project is basically unmaintained, I would suggest using [umoci](https://github.com/opencontainers/umoci) instead.