Rodrigo Campos
Rodrigo Campos
Adding vtpm to the runtime spec for containers also faces a similar problem. I posted something I want to try, to see if that helps, although I'm going to be...
@klihub sorry, I was away. Yes, sorry if I wasn't clear [here][link]. What I wanted to say is: doing what this PR does for bind-mounts is what it should be...
@AkihiroSuda can you please add the ok-to-test so k8s runs too?
(not sure if the E2E/Kubernetes Node already does everything or not?)
The failure on almalinux9 is a known flaky test
@ningmingxiao can you explain the race in more detail? Is this code executed on a `runc exec` into a container, that while that is executing another process runs `runc delete`...
Ohh, makes sense. Thanks!
@lifubang friendly ping? I intend to merge if your concern has been solved
Restrictions that apply only after exec are useful for runtimes like runc, too. Specially to offer a landlock policy for the container (the same we do for seccomp). For example,...
@adonovan thanks! That version doesn't have any meaningful difference here (maybe instead of 2000% it uses 1900%?)