Results 395 comments of Luca Bruno

Along those lines, some more issues we are aware of:

- /proc and /sys RW access (but there is some good progress at https://github.com/systemd/systemd/pull/4395)
- hardcoded seccomp filters (e.g. [this](https://github.com/systemd/systemd/blob/master/src/nspawn/nspawn-seccomp.c#L64)...

:+1: for going through the archiving process. For reference, the previous development team at CoreOS got dismantled, and post Red Hat acquisition there is no plan to push the development...

Thanks for the report. I'm not sure I've exactly understood your expectation, but the argument-passing behavior is documented here: https://github.com/rkt/rkt/blob/2401fd846a941ca4e567eba658aa59a80581b6f6/Documentation/subcommands/run.md#passing-arguments Is your container image behaving differently than that or were...

The only other source of confusion I see is if some aci specifies a `tcp-80` name for some other custom port (e.g. pointing to UDP 53). But I'd honestly prefer...

So are we in agreement that we should:

* remove `--raw-port` from rkt-app
* add the name parsing logic to `--port`

right?

@lorddaedra thanks for the report. Can you please provide more information regarding your setup? Which Ubuntu release, kernel version and systemd version are there? Is systemd-machined installed and running? Are...

@lorddaedra is there a reason why those properties are set on the unit?

```
KillMode=mixed
KillSignal=SIGQUIT
```

This seems to be the root cause of your issues, as it results in...

Unfortunately, that's not how it works. The CNI plugins exactly [declare](https://github.com/containernetworking/plugins/blob/1d973f59d2a546a77994b1a17e537757dc0acb85/Godeps/Godeps.json#L55) on which go-systemd version they depend, and they are currently not compatible with v17. Dependency lockfiles and vendored trees...

Indeed. I started with the dependency bump on CNI plugins: https://github.com/containernetworking/plugins/pull/154. Updating rkt to use a new major release of CNI will be tedious though.

Couple of questions to follow up on this:

- is this a regression compared to 1.8.0 or was that one running in permissive mode?
- can you please attach AVC...