Evan Lezar

Is something similar required for devices since the uid and gid in the spec are the IDs in the container (https://github.com/opencontainers/runtime-spec/blob/main/config-linux.md#devices)?

> For devices (char device, block device, etc.), I think we should used the mapped UID/GID. In other words, if the inode on the host has UID 0, then we...

From the linked issue I see the following in the k3s events: ``` Pod sandbox changed, it will be killed and re-created. ``` This seems to indicate that something is...

Looking at the current `k3s` code: https://github.com/k3s-io/k3s/blob/649678bd89695bc3605a360bbe3f9557447d19f2/pkg/agent/templates/templates_linux.go#L101-L104 Could you confirm that your k3s version has this change? See https://github.com/k3s-io/k3s/releases/tag/v1.28.3%2Bk3s2, for example.

/cc @elezar

The optionality of the fields is taken directly from the OCI runtime spec with the relevant sections being specified: * https://github.com/opencontainers/runtime-spec/blob/main/config.md#mounts * https://github.com/opencontainers/runtime-spec/blob/main/config.md#posix-platform-mounts

Since the spec is interpreted by the low-level runtime, the behaviour depends on the implementation there. For example, in `runc`: https://github.com/opencontainers/runc/blob/f023e1c222f0b2c2584544a44d7b734cd6c311a5/libcontainer/specconv/spec_linux.go#L652-L661 the `Type` field is ignored for bind mounts.

> Type may be ignored by runc, but from memory, if I didn't have rbind (or maybe bind) in the Options for a bind mount, then runc failed to setup...

@klihub the fix in the PR looks reasonable. Does this also mean that we need to extend the CDI spec to allow these fields to be specified in mounts assuming...

/cc