runc
runc copied to clipboard
opencontainers
CLI tool for spawning and running containers according to the OCI specification
Seen on https://cirrus-ci.com/task/5467129087524864?logs=integration_systemd#L99. ``` not ok 76 kill detached busybox # (in test file tests/integration/kill.bats, line 27) # `[ "$status" -eq 0 ]' failed # runc spec (status=0): # #...
Now, if we use `runc update` to update the resources limit of a container, `runc` will set configs back when there is an error. But, we can't set the config...
#### libct.IntelRdtFs(): simplify - remove unneeded wrapping func, as intelrdt.NewManager already has the correct signature. - reverse the if/else to be clearer that either "IsCATEnabled()" and/or "IsMBAEnabled()" need to be...
Currently in case of rootless scenario which implies usernamespace creation. The only one user inside user namespace which is allowed - it's root user. But for scenarios with higher level...
I extended the GitHub action to run gosec as part of a build. I mitigated the one finding: * In checkpoint.go there was a `Atoi` followed by a cast to...
Relates to: - https://github.com/moby/moby/issues/42906 docker container is privileged tries to assume more capabilities than available - https://github.com/moby/buildkit/pull/2394 fix: provide only available capabilities to insecure environment - https://github.com/moby/moby/pull/42911 fix: don't attempt...
WIP: This branch has only been build-tested. Closes #2826
This patch introduces Landlock Linux Security Module (LSM) support in runc, which was landed in Linux kernel 5.13. This allows unprivileged processes to create safe security sandboxes that can securely...
Metadata
Owner
Metadata
CLI tool for spawning and running containers according to the OCI specification