[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v2 3/3] virtiofsd: probe unshare(CLONE_FS) and print an error
From: |
Stefan Hajnoczi |
Subject: |
Re: [PATCH v2 3/3] virtiofsd: probe unshare(CLONE_FS) and print an error |
Date: |
Wed, 29 Jul 2020 15:29:53 +0100 |
On Tue, Jul 28, 2020 at 03:15:25PM -0400, Daniel Walsh wrote:
> On 7/28/20 11:32, Stefan Hajnoczi wrote:
> > On Tue, Jul 28, 2020 at 12:00:20PM +0200, Roman Mohr wrote:
> >> On Tue, Jul 28, 2020 at 3:07 AM misono.tomohiro@fujitsu.com <
> >> misono.tomohiro@fujitsu.com> wrote:
> >>
> >>>> Subject: [PATCH v2 3/3] virtiofsd: probe unshare(CLONE_FS) and print an
> >>> error
> >> "Just" pointing docker to a different seccomp.json file is something which
> >> k8s users/admin in many cases can't do.
> > There is a Moby PR to change the default seccomp.json file here but it's
> > unclear if it will be merged:
> > https://github.com/moby/moby/pull/41244
> >
> > Stefan
>
> Why not try Podman?
Absolutely, Podman allows unshare(2) in its default seccomp policy so it
does not have this problem.
I think Roman's point was mainly about the upstream user experience
where Docker is common.
Stefan
signature.asc
Description: PGP signature
- Re: [PATCH v2 3/3] virtiofsd: probe unshare(CLONE_FS) and print an error, (continued)
- Re: [PATCH v2 3/3] virtiofsd: probe unshare(CLONE_FS) and print an error, Daniel Walsh, 2020/07/28
- Re: [PATCH v2 3/3] virtiofsd: probe unshare(CLONE_FS) and print an error, Vivek Goyal, 2020/07/28
- Re: [PATCH v2 3/3] virtiofsd: probe unshare(CLONE_FS) and print an error, Roman Mohr, 2020/07/29
- Re: [PATCH v2 3/3] virtiofsd: probe unshare(CLONE_FS) and print an error, Stefan Hajnoczi, 2020/07/29
- Re: [PATCH v2 3/3] virtiofsd: probe unshare(CLONE_FS) and print an error, Stefan Hajnoczi, 2020/07/28
- Re: [PATCH v2 3/3] virtiofsd: probe unshare(CLONE_FS) and print an error, Daniel Walsh, 2020/07/28
- Re: [PATCH v2 3/3] virtiofsd: probe unshare(CLONE_FS) and print an error,
Stefan Hajnoczi <=