-
I'm opening this issue to track improvements on systemd cgroup driver I and some others are working on.
The main motivations to improve the systemd cgroup driver are:
* It's a path towards cgro…
-
**This is a...**
- [x] Feature Request
- [ ] Bug Report
Study this topic: [Images](https://kubernetes.io/docs/concepts/containers/images/). Either delete this topic or prune it. Much of the co…
-
### Description
Trying to start a Kubernetes container with userns using the nginx official image, fails. This was reported here: https://github.com/containerd/containerd/issues/10598 by @ctrox.
…
-
A blob referenced via [descriptor](https://github.com/opencontainers/image-spec/blob/master/descriptor.md) MAY be a fine-graind CAS archive. e.g. continuity manifest. (WIP: https://github.com/open…
-
### What version of Go are you using (`go version`)?
$ go version
go version devel go1.22-54452b963c Thu Nov 2 10:34:00 2023 +0000 linux/amd64
### Does this issue reproduce with the lat…
-
Hello,
this code is not working
```
package main
import (
"github.com/containerd/cgroups/v3/cgroup1"
"github.com/opencontainers/runtime-spec/specs-go"
)
func uint32Ptr(v uint32) *uint3…
-
Running `cosign attest ` (almost) concurrently can have the side effect that attestations written to the container registry previously are overridden by later invocations:
1. `cosign attest` no 1 r…
-
### What happened?
While deploying pod on OCP, image was pulled successfully and pod was in running state. After some time we can pod is still in running state but some of the binaries are missing. T…
-
There is limited support for OCI artifacts that hadn't been built with Flux CLI.
One can use `spec.layerSelector.mediaType`, however it doesn't handle searching images with an index.
There is also…
-
With the discussions about some of the limitations of (lib)seccomp (#2151, #2735 etc.), especially in the context of determining which error to return for syscalls that may or may not be around at run…