Mathieu Tortuyaux

/test pull-cluster-api-provider-azure-e2e-optional

/test pull-cluster-api-provider-azure-e2e-optional

Hello @mboersma, I am taking over this PR and I see you're assigned for review on this PR: commits have been rebased, small changes have been made and optional tests...

Having a Github URL in the MOTD can be a burden to maintain? (e.g we changed two or three times the Github organization name kinvolk -> flatcar-linux -> flatcar). What...

Hello, I think it's more a configuration issue. The default containerd seccomp profile do not log by default (https://github.com/containerd/containerd/blob/3b0b3e533ce1f60a60ab83905374d1ce43330063/contrib/seccomp/seccomp_default.go#L485). If you are just interested by logging first, you can have...

I think it's a bit like SELinux: you first need to run SELinux in a permissive mode to ensure that you don't have any denials in your logs then you...

@igcherkaev I just came across this blogpost: https://kubernetes.io/blog/2022/12/02/seccomp-notifier/ > We're simply not able to see the whole impact of that, especially because blocked syscalls via SCMP_ACT_ERRNO do not provide any...

@igcherkaev you might be interested with https://github.com/inspektor-gadget/inspektor-gadget/blob/main/docs/builtin-gadgets/audit/seccomp.md too.

Hi @mikekuzak, `fusefs` is only enabled for `oem-vmware.raw` at the moment but the packages and the kernel modules are around: ``` core@localhost ~ $ mount.fuse3 usage: mount.fuse3 type#[source] destination [-t...

@cringdahl Hey, I implemented the `flatcar-sysext` template and IIRC it was based on the template `without-lb` that would explain this issue. Would you mind sending a PR to fix that?...