• Feature
    • Resolution: Unresolved
    • Core
    • 50% To Do, 0% In Progress, 50% Done

      Background

      Currently the way Docker and most other container runtimes work is by masking
      and setting as read-only certain paths in `/proc`. This is to prevent data
      from being exposed into a container that should not be. However, there are
      certain use-cases where it is necessary to turn this off.

      Motivation

      For end-users who would like to run unprivileged containers using user namespaces
      nested inside CRI containers, we need an option to have a `ProcMount`. That is,
      we need an option to explicitly turn off masking and setting
      read-only of paths so that we can
      mount `/proc` in the nested container as an unprivileged user.
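To make the masking described in the Background concrete, the following added example (not part of this issue or of any runtime's code) classifies `/proc` sub-mounts from `mountinfo` text, which is one way to verify from inside a container whether it runs with the default masked `/proc` or an unmasked one. The sample lines are constructed, and the classification rules (a `/dev/null` bind or tmpfs overlay counts as masked, a read-only bind of procfs counts as read-only) are assumptions about how runtimes typically implement masking.

```python
# Added example: classify /proc sub-mounts from mountinfo-formatted text.
# Sample lines are constructed, modelled on a container with default masking.
SAMPLE_DEFAULT = """\
620 610 0:74 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
621 620 0:74 /bus /proc/bus ro,nosuid,nodev,noexec,relatime - proc proc rw
622 620 0:74 /sys /proc/sys ro,nosuid,nodev,noexec,relatime - proc proc rw
623 620 0:75 /null /proc/kcore rw,nosuid - tmpfs tmpfs rw,size=65536k,mode=755
624 620 0:80 / /proc/acpi ro,relatime - tmpfs tmpfs ro
"""
# Constructed sample: only the procfs mount itself, nothing layered on top.
SAMPLE_UNMASKED = """\
620 610 0:74 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
"""

def parse_mountinfo(text):
    """Yield (root, mount_point, options, fstype) for each mountinfo line."""
    for line in text.splitlines():
        if " - " not in line:
            continue  # not a mountinfo record
        left, right = line.split(" - ", 1)  # optional fields end at " - "
        pre, post = left.split(), right.split()
        if len(pre) < 6 or not post:
            continue
        yield pre[3], pre[4], set(pre[5].split(",")), post[0]

def classify_proc(text):
    """Sort mounts below /proc into masked and read-only paths."""
    result = {"masked": [], "readonly": []}
    for root, mount_point, opts, fstype in parse_mountinfo(text):
        if not mount_point.startswith("/proc/"):
            continue  # skip /proc itself and unrelated mounts
        if fstype == "proc":
            if "ro" in opts:  # procfs subtree bind-mounted read-only
                result["readonly"].append(mount_point)
        elif root.endswith("/null") or fstype == "tmpfs":
            # Assumed masking techniques: /dev/null bind or tmpfs overlay.
            result["masked"].append(mount_point)
    return result

def is_unmasked(text):
    """True when no path below /proc is masked or read-only."""
    found = classify_proc(text)
    return not found["masked"] and not found["readonly"]

if __name__ == "__main__":
    with open("/proc/self/mountinfo") as fh:  # the live view, on Linux
        print(classify_proc(fh.read()))
```
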

            Gaurav Singh (gausingh@redhat.com)
            Matthew Werner
            Derrick Ornelas