Giuseppe Scrivano comments

Results 310 comments of


                                            Giuseppe Scrivano

Incorrect default errnoRet ?

does it work if you force `ENOSYS` for `statx` ( or allow it) in your seccomp profile?

Add --allow-speculation option to disable IBPB/STIBP mitigation

is it something worth adding to the runtime specs?

Make GID optional to allow retaining `overflowgid` (useful for exposing `crw-rw----` devices to Rootless Containers)

I agree it is useful. crun implements it with an annotation. I have already opened a similar issue: https://github.com/opencontainers/runtime-spec/issues/1020

Umask behavior doesn't match spec

I agree to clarify it in the runtime-specs

Formalize support for zstd compression: v1.1.0 ?

I think the way to move forward is to add support for zstd to the different clients but still keep the gzip compression as the default. Generating these images should...

Formalize support for zstd compression: v1.1.0 ?

yes, I think it should be case 2, an image made of two different layers. It would be very confusing to support case 1 this way.

notify_socket.go: use sd_notify_barrier mechanism

> But let's ask @giuseppe -- why you ended up with 30s timeout? I've copied the timeout you set here: https://github.com/opencontainers/runc/blob/master/libcontainer/cgroups/systemd/common.go#L345 :smile: Although I've decided to ignore any error, so...

Giuseppe Scrivano

Incorrect default errnoRet ?

Add --allow-speculation option to disable IBPB/STIBP mitigation

Make GID optional to allow retaining `overflowgid` (useful for exposing `crw-rw----` devices to Rootless Containers)

Umask behavior doesn't match spec

Formalize support for zstd compression: v1.1.0 ?

Formalize support for zstd compression: v1.1.0 ?

notify_socket.go: use sd_notify_barrier mechanism

Proposal: define a "ALL_CAPS" pseudo-capability to grant all capabilities

Some questions about error handling on runc, crun or other runtime

Prepare / Tag v1.0.3 (or v1.1.0) release