Rodrigo Campos
Rodrigo Campos
@haircommander friendly ping? :)
@jokemanfire can you post how the error was shown before too? I'm not against, if it adds clarity and helps to debug something. But it's not clear adding that will...
Okay, looking at the PR and the error, I can see what was shown before. Looking at the discussion, it seems this happens if you are running a `grep -R`...
You will need to sing-off the commit, as the CI is failing for that
@fuweid I don't see what the issue can be: running with host network is a privileged operation in Kubernetes. The moment you allow it, the container is privileged (requires a...
Hi! userns KEP author here. I'm not very familiar with the CDI injection process to provide more input. do you have any links I should read? My _current_ opinion without...
> Currently if an injected device node does not come with UID/GID's or permission bits specified in the CDI Spec, IIRC we take a look at the corresponding device node...
@elezar sure. The devices object in the runtime-spec has a uid/gid: https://github.com/opencontainers/runtime-spec/blob/main/config-linux.md#devices. I'm proposing to set those when devices are injected. I'm proposing to set it to the user mapped...
Cool. I'd add to that, to handle all the cases, that if the UID/GID is not mapped, then we set uid/gid as 0 inside the container. Just curious, completely out...
@everzakov ohh, thanks for catching this! Okay, so runc is already setting the uid/gid to root inside the container and that doesn't work :( So, for bind-mounts of filesystems (a...