keyring configuration

Open cyphar opened this issue 8 years ago • 3 comments

With runC we have a special flag for runc run that enables/disables the creation of a new kernel keyring. The main reason we have the option is that older kernels had issues with allocating a lot of keyrings (so in order to run containers on old kernels you need to disable the creation of a new keyring).

However, while keyrings aren't containerised on Linux, maybe it makes sense for us to include some keyring information in config-linux?

cyphar, Apr 05 '17 09:04

@cyphar do you think this is something we'd be safe to think/discuss about post-1.0? (it sounds like it's something that'd be fine to add in a 1.1, for example)

tianon, May 24 '17 15:05

Yeah, this would be post-1.0. As an aside, it looks like there's some (worrying) move to namespace these as well as a few other things in a pretty insane way.

cyphar, May 24 '17 16:05

See proposal in #950

justincormack, Feb 16 '18 17:02