
jailer improvements

Open. xibz opened this issue 4 years ago, 1 comment

This is a list of improvements that should be implemented once this PR has been merged: #249

  1. The jailer should use a user namespace, but currently does not.
  2. ~~Jailer should allow for a custom configuration of jailing through the CreateVM API. Maybe allow complete passing of the configuration. However, this would require writing a bunch of proto definitions. We want memory and cpu to be configurable, as well as numa nodes.~~ We aren't going to copy the runc config into our request as that is really large and most of the fields may not be used. The cpuset.mems and cpuset.cpus have been completed by #334.
  3. ~~The jailer should use numa nodes. I believe this can be specified in runc's configuration~~ - Done via #334
  4. ~~Instead of hard linking we should use bind mounts in the jailer handler.~~ Decided that copying was the best solution for now, which is already done. If this changes in the future we can add a separate issue illustrating that.
  5. ~~CreateVMRequest should allow passing of the netns as a parameter.~~ - Done via #305

xibz, Sep 13 '19 21:09
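Item 1 above asks for the jailer to run in a user namespace. The following is a host-side check a defender can run against a jailed VMM process, added here as an example and not code from the firecracker-containerd project: it compares the process's user namespace with pid 1's through the /proc ns links and reads the process's effective uid as mapped inside that namespace, assuming the jailed process is expected to run there as an unprivileged user. ProcFS, LiveProc, ParseEffectiveUID and CheckUserNS are names introduced for this example.

```go
package main

import (
	"bufio"
	"fmt"
	"os"
	"strconv"
	"strings"
)

// ProcFS abstracts the /proc reads the check needs, so tests can supply a constructed fake.
type ProcFS struct {
	Readlink func(path string) (string, error)
	ReadFile func(path string) ([]byte, error)
}

var LiveProc = ProcFS{Readlink: os.Readlink, ReadFile: os.ReadFile} // the real /proc (Linux only)

// ParseEffectiveUID returns the effective uid from the text of /proc/<pid>/status. Inside a
// user namespace the "Uid:" line shows ids as mapped there, so 0 only means namespace root.
func ParseEffectiveUID(status string) (int, error) {
	sc := bufio.NewScanner(strings.NewReader(status))
	for sc.Scan() {
		if f := strings.Fields(sc.Text()); len(f) >= 3 && f[0] == "Uid:" {
			return strconv.Atoi(f[2]) // fields: real, effective, saved, fs
		}
	}
	return -1, fmt.Errorf("Uid: line not found in status")
}

// CheckUserNS fails unless pid sits in a user namespace other than pid 1's (compared via
// the ns link targets, e.g. "user:[4026531837]") with a non-root effective uid there.
func CheckUserNS(p ProcFS, pid int) (int, error) {
	hostNS, errH := p.Readlink("/proc/1/ns/user")
	jailNS, errJ := p.Readlink(fmt.Sprintf("/proc/%d/ns/user", pid))
	status, errS := p.ReadFile(fmt.Sprintf("/proc/%d/status", pid))
	for _, err := range []error{errH, errJ, errS} {
		if err != nil {
			return -1, err
		}
	}
	if hostNS == jailNS {
		return -1, fmt.Errorf("pid %d shares the host user namespace", pid)
	}
	uid, err := ParseEffectiveUID(string(status))
	if err == nil && uid == 0 {
		err = fmt.Errorf("pid %d is uid 0 inside its namespace, expected an unprivileged user", pid)
	}
	return uid, err
}
```

Run it as `CheckUserNS(LiveProc, pid)` on the host against the jailed VMM's pid; a shared namespace or a uid of 0 inside the namespace is reported as an error.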

We should also update the getting-started guide and/or other docs with details on how to use the jailer.

sipsma, Oct 21 '19 17:10