Giuseppe Scrivano
Giuseppe Scrivano
> In my view, the best solution to the problem of such volumes is to do exactly what LXD does -- "punch out" the GID that the storage volume is...
> @rptaylor > > I know there are technical reasons, but I think the security model should be considered differently in different contexts. Sometimes a container is used to isolate...
It is not available on RHEL7. I think you need to specify the `--runtime` option to o podman before the `run` like `podman --runtime=... run ...`
could we use `memory.high` instead of `memory.max`?
@valyala PTAL
I've already talked with @cyphar about it, but I'll comment here as well so to not lose track of it. The deduplication could also be done only locally (for example...
> @mheon @giuseppe is it even possible to restart slirp4netns in this case? I would imagine there'd be some runtime state that would be lost. I would expect slirp4netns dying...
we could move slirp4netns to a separate cgroup (or at least make it configurable) so that systemd could report the failure. I'd not worry about fuse-overlayfs since we are moving...
what version of buildah are you using?
we added a `timeout=0` option for the FUSE mount to cover the use case where the underlying file system can change. It is more expensive though as fuse-overlayfs doesn't keep...