Giuseppe Scrivano

Results 326 comments of Giuseppe Scrivano

The general idea is to enable as few syscalls as possible to reduce the attack surface. The `personality` syscall seems relatively safe. However, enabling it by default will still increase...

the error I am seeing is that we pass the value `-1` to > * How this is happening? I can’t see any c/storage caller setting this to -1 ....

> OK, so this is
>
> * a schema1 image (unknown layer size)
> * the transparent conversion path (needs to read the full file)
> * `ImageSourceSeekable` not...

I've tried adding a new method `GetBlob` to retrieve the entire blob, but I think the current API is more flexible, with a minimal change. I've updated the comments

thanks, addressed your comments in the last version

> Seems like there is one comment by @mtrmac that was not addressed?

I thought I've addressed them all, which one is still missing?

> https://github.com/containers/image/pull/2391/files#r1589601556

Thanks. Fixed now

> If you think that’s never going to be necessary, _shrug_, this PR is an improvement as is.

your version is better, I've fixed it and pushed a new version